CfgRemoteExec – Arma 3

From Bohemia Interactive Community
Jump to navigation Jump to search
m (R3vo moved page CfgRemoteExec to Arma 3 CfgRemoteExec: added TAG)
m (Moved some information from Arma 3: Remote Execution)
(21 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{GVI|arma3|1.50|category}}
{{TOC|side}}
 
CfgRemoteExec defines rules for the remote execution of functions and commands. These rules only apply to clients. The server is not subject to any limitations, everything is enabled and allowed for it.
 
{{Feature|Informative|As usual, the more local config takes precedence: [[Description.ext|Mission Description.ext]] ([[missionConfigFile]]) &gt; [[Campaign Description.ext]] ([[campaignConfigFile]]) &gt; Game / Mod Config ([[configFile]]). If several definitions for CfgRemoteExec exist, the <tt>mode</tt> attribute will be overridden by the last parsed config and whitelisted functions and commands will be merged.}}
 
See [[Arma 3: Remote Execution]] for more information about remote execution.


== Description ==
Class containing a list of all scripted functions and commands which can be remotely executed by [[BIS_fnc_MP]] / [[remoteExec]] / [[remoteExecCall]] on server or client machines. Can be defined in [[Config.cpp]] or in campaign's or mission's [[Description.ext]]. The most local variant is used. See also [[CfgRemoteExecCommands]].


== Format ==
== Format ==
class CfgRemoteExec
<syntaxhighlight lang="cpp">
{
class CfgRemoteExec
{{codecomment|// List of script functions allowed to be sent from client via remoteExec}}
{
class Functions
class Functions
{
{
{{codecomment|// RemoteExec modes:
/*
// 0- turned off
Operation modes:
// 1- turned on, taking whitelist into account
0 - remote execution is blocked
// 2- turned on, ignoring whitelist (default, because of backward compatibility)}}
1 - only whitelisted functions / commands are allowed
mode = 2;
2 - remote execution is fully allowed, ignoring the whitelist (default, because of backward compatibility)
*/
{{codecomment|// Ability to send jip messages: 0-disabled, 1-enabled (default)}}
mode = 2;
jip = 1;
 
/*
{{codecomment|// your functions here}}
JIP:
class BIS_fnc_aFunction
0 - JIP flag can not be set
{
1 - JIP flag can be set (default)
allowedTargets = 0; {{codecomment|// can target anyone (default)}}
*/
jip = 0; {{codecomment|// sending jip messages is disabled for this function}}
jip = 1;
{{codecomment|// (overrides settings in the Functions class)}}
 
};
class BIS_fnc_someFunction
class YourFunctionOne { allowedTargets = 1; }; {{codecomment|// can target only clients}}
{
class YourFunctionTwo { allowedTargets = 2; }; {{codecomment|// can target only the server}}
/*
};
Allowed targets:
0 - can target all machines (default)
{{codecomment|// List of script commands allowed to be sent from client via remoteExec}}
1 - can only target clients, execution on the server is denied
class Commands
2 - can only target the server, execution on clients is denied
{
Any other value will be treated as 0.
{{codecomment|// your commands here}}
*/
class setDir
allowedTargets = 0;
{
 
allowedTargets = 2; {{codecomment|// can target only the server}}
//Override the global setting (defined in class Functions) for this function:
jip = 0; {{codecomment|// sending jip is turned off}}
jip = 0;
{{codecomment|// (overrides settings in the Commands class)}}
};
  };
};
 
class Commands
{
mode = 1;
 
class setDir
{
allowedTargets = 2;
jip = 0;
};
};
};
</syntaxhighlight>
As demonstrated with the <tt>jip</tt> attribute in class <tt>BIS_fnc_someFunction</tt>, global settings can be overridden for individual functions / commands.
 
 
== Safe Config ==
This config only allows required default game functions (see [[#Notes|Notes]]).
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Functions
{
mode = 1; //Whitelist only
jip = 0; //JIP flag not allowed
 
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };
 
/*
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; //Allow debug console (optional)
*/
};
};
</syntaxhighlight>
 
 
== initPlayerServer.sqf ==
If [[execVM]] is not whitelisted, [[Event Scripts|initPlayerServer.sqf]] will not be executed. To have it functional without allowing [[execVM]], use the following workaround through [[Arma 3: Functions Library|CfgFunctions]]:
<syntaxhighlight lang="cpp">
class CfgFunctions
{
class TAG
{
class Category
{
class initPlayerServer { file = "initPlayerServer.sqf"; };
};
};
};
</syntaxhighlight>
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Functions
{
mode = 1;
class TAG_fnc_initPlayerServer { allowedTargets = 2; };
};
};
</syntaxhighlight>
Then execute it from [[Event Scripts|init.sqf]]:
[[if]] ([[hasInterface]]) [[then]] {
[] [[spawn]] {
[[waitUntil]] {![[isNull]] [[player]]};
  [<nowiki/>[[player]], [[didJIP]]] [[remoteExec]] ["TAG_fnc_initPlayerServer", 2];
  };
  };
  };
  };
== Default Config ==
{{Feature|Informative|The default <tt>CfgRemoteExec</tt> in the game's main config uses an outdated format and is left for backward compatibility only (it was used directly by [[BIS_fnc_MP]]). The <tt>Client</tt> and <tt>Server</tt> classes are obsolete now. The new [[Arma_3:_Remote_Execution#Remote_Execution_Framework|Remote Execution Framework]] ignores it (by default, all functions and commands are allowed).}}
This is the default [[config.cpp]] entry (obsolete):
<spoiler>
<syntaxhighlight lang="cpp">
class CfgRemoteExec
{
class Server
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
class Client
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
};
</syntaxhighlight>
</spoiler>




== Notes ==
== Notes ==
<dl class="command_description">
<dl class="command_description">
<dt></dt>
<dd class="notedate">Posted on January 1, 2016</dd>
<dd class="notedate">Posted on January 1, 2016</dd>
<dt class="note">[[User:AgentRevolution|AgentRev]]</dt>
<dt class="note">[[User:AgentRevolution|AgentRev]]</dt>
<dd class="note">
<dd class="note">
<ul>
<ul>
<li>As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1;</tt>
<li>As [[BIS_fnc_MP]] now uses [[remoteExec]], there are some functions spontaneously called by the game core that require whitelisting in order to work if <tt>class Functions</tt> is set to <tt>mode = 1</tt>:
<code>class BIS_fnc_effectKilledAirDestruction {};
<syntaxhighlight lang="cpp">
class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_objectVar {};
class BIS_fnc_objectVar {};
</code><br/>
class BIS_fnc_setCustomSoundController {};
<li>For [[Event_Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist.<br/><br/>
</syntaxhighlight></li>
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.<br/><br/>
<li>For [[Event Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use [https://www.reddit.com/r/armadev/comments/8fkitd/initplayerserversqf_therefore_initplayerserversqf/dy5k5pf/ this method] instead.</li>
<li>remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.</li>
<li>[[remoteExec]] and [[remoteExecCall]] are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code>
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code>
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
<code>!="\w+?_fnc_\w+? \[[\S\s]*\]"</code>
<code>!="\w+?_fnc_\w+? \[[\S\s]*\]"</code>
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed.
Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
</ul>
</ul>
</dd>
</dd>
</dl>
</dl>




[[Category:Arma_3:_Editing]]
{{GameCategory|arma3|Remote Execution}}
[[Category:Introduced with Arma 3 version 1.50]]

Revision as of 15:49, 12 August 2021

CfgRemoteExec defines rules for the remote execution of functions and commands. These rules only apply to clients. The server is not subject to any limitations, everything is enabled and allowed for it.

As usual, the more local config takes precedence: Mission Description.ext (missionConfigFile) > Campaign Description.ext (campaignConfigFile) > Game / Mod Config (configFile). If several definitions for CfgRemoteExec exist, the mode attribute will be overridden by the last parsed config and whitelisted functions and commands will be merged.

See Arma 3: Remote Execution for more information about remote execution.


Format

class CfgRemoteExec
{
	class Functions
	{
		/*
		Operation modes:
			0 - remote execution is blocked
			1 - only whitelisted functions / commands are allowed
			2 - remote execution is fully allowed, ignoring the whitelist (default, because of backward compatibility)
		*/
		mode = 2;

		/*
		JIP:
			0 - JIP flag can not be set
			1 - JIP flag can be set (default)
		*/
		jip = 1;

		class BIS_fnc_someFunction
		{
			/*
			Allowed targets:
				0 - can target all machines (default)
				1 - can only target clients, execution on the server is denied
				2 - can only target the server, execution on clients is denied
				Any other value will be treated as 0.
			*/
			allowedTargets = 0;

			//Override the global setting (defined in class Functions) for this function:
			jip = 0;
		};
	};

	class Commands
	{
		mode = 1;

		class setDir
		{
			allowedTargets = 2;
			jip = 0;
		};
	};
};

As demonstrated with the jip attribute in class BIS_fnc_someFunction, global settings can be overridden for individual functions / commands.


Safe Config

This config only allows required default game functions (see Notes). 

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;	//Whitelist only
		jip = 0;	//JIP flag not allowed

		class BIS_fnc_effectKilledAirDestruction	{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_effectKilledSecondaries		{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_objectVar					{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_setCustomSoundController		{ allowedTargets = 0; jip = 0; };

/*
		class BIS_fnc_debugConsoleExec				{ allowedTargets = 0; }; //Allow debug console (optional)
*/
	};
};


initPlayerServer.sqf

If execVM is not whitelisted, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions: 

class CfgFunctions
{
	class TAG
	{
		class Category
		{
			class initPlayerServer { file = "initPlayerServer.sqf"; };
		};
	};
};

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;
		class TAG_fnc_initPlayerServer { allowedTargets = 2; };
	};
};

Then execute it from init.sqf: 

if (hasInterface) then {
	[] spawn {
		waitUntil {!isNull player};
		[player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2];
	};
};


Default Config

The default CfgRemoteExec in the game's main config uses an outdated format and is left for backward compatibility only (it was used directly by BIS_fnc_MP). The Client and Server classes are obsolete now. The new Remote Execution Framework ignores it (by default, all functions and commands are allowed).

This is the default config.cpp entry (obsolete): 

class CfgRemoteExec
{
	class Server
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
	class Client
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
};


Notes

Posted on January 1, 2016
AgentRev
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1: 
    class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_objectVar {};
class BIS_fnc_setCustomSoundController {};
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: format ["%1 %2", functionName, str params] The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: !="\w+?_fnc_\w+? \[[\S\s]*\]" Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
Retrieved from "https://community.bistudio.com/wiki?title=Arma_3:_CfgRemoteExec&oldid=292931"