CfgRemoteExec – Arma 3

From Bohemia Interactive Community
Revision as of 14:25, 12 June 2021 by Lou Montana (talk | contribs) (Text replacement - "<dl class="command_description"> <dt></dt>" to "<dl class="command_description"> <dt></dt>")
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Arma 3 logo black.png1.50

Class containing a list of all scripted functions and commands which can be remotely executed by remoteExec / remoteExecCall (and BIS_fnc_MP, obsolete) on server or client machines. This can be defined in main config.cpp or in campaign or mission Description.ext.


Format

class CfgRemoteExec
{
	// List of Functions allowed to be sent from client via remoteExec
	class Functions
	{
		// RemoteExec modes:
		// 0 - disabled
		// 1 - allowed, taking whitelist into account
		// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
		mode = 2;

		// Ability to send JIP messages:
		// 0 - disable JIP messages
		// 1 - allow JIP messages (default)
		jip = 1;

		class BIS_fnc_aFunction
		{
			// Remote Execution from clients:
			// 0 - allowed on other clients and server (default)
			// 1 - allowed on other clients only
			// 2 - allowed on server only
			// any other value will be treated as 0
			allowedTargets = 0;

			// overrides the global Functions setting for this function
			jip = 0;
		};
	};

	// List of Commands allowed to be sent from client via remoteExec
	class Commands
	{
		mode = 1;

		class setDir
		{
			allowedTargets = 2;
			jip = 0;
		};
		// etc
	};
};


Safe Config

This config only allows needed default game functions - see Notes below. 

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;	// whitelist
		jip = 0;	// JIP not allowed

		class BIS_fnc_effectKilledAirDestruction	{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_effectKilledSecondaries		{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_objectVar						{ allowedTargets = 0; jip = 0; };
		class BIS_fnc_setCustomSoundController		{ allowedTargets = 0; jip = 0; };

/*
		class BIS_fnc_debugConsoleExec				{ allowedTargets = 0; }; // allow debug console - optional
*/
	};
};


initPlayerServer.sqf

If execVM is not in the commands whitelist, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions: 

class CfgFunctions
{
	class TAG
	{
		class Category
		{
			class initPlayerServer { file = "initPlayerServer.sqf"; };
		};
	};
};

class CfgRemoteExec
{
	class Functions
	{
		mode = 1;
		class TAG_fnc_initPlayerServer { allowedTargets = 2; };
	};
};

and have it run from init.sqf: if (hasInterface) then { [] spawn { waitUntil { not isNull player }; [player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2]; }; };


Default Config

The default CfgRemoteExec in game's main config has outdated format and is left for backward compatibility only.

It was used by the old BIS_fnc_MP directly. Classes Client and Server are obsolete.

The new RemoteExec mechanics ignores it and by default all functions and commands are allowed.

This is the default config.cpp entry (obsolete): 

class CfgRemoteExec
{
	class Server
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
	class Client
	{
		class Functions
		{
			mode = 2;
		};
		class Commands
		{
			mode = 2;
		};
	};
};


Notes

Posted on January 1, 2016
AgentRev
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1: 
    class BIS_fnc_effectKilledAirDestruction {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_objectVar {};
class BIS_fnc_setCustomSoundController {};
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: format ["%1 %2", functionName, str params] The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: !="\w+?_fnc_\w+? \[[\S\s]*\]" Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
Retrieved from "https://community.bistudio.com/wiki?title=Arma_3:_CfgRemoteExec&oldid=268517"