From 42e00475d6c2e7bd046a7f71b6e7284f3d73d66d Mon Sep 17 00:00:00 2001 From: ebayShopper Date: Fri, 3 Nov 2017 16:09:14 -0400 Subject: [PATCH] Add sender verification to publish and swap object Continuation of 8035df0 This is important to have on publish to identify cheaters who spam create objects in the database or create objects with bad inventory. - Renamed variables to backport to vanilla - Removed % and & due to code filtering in publicvariableval.txt Changes in modular_build.sqf were the same as player_build.sqf. Tested with building, upgrading buildable/vehicle/tent, downgrading, buying a vehicle, destroying tent and removing an object. --- CHANGE LOG 1.0.6.2.txt | 2 +- .../functions/DZE_deleteTradedVehicle.sqf | 2 +- .../functions/z_at_buyItems.sqf | 6 ++-- SQF/dayz_code/actions/modular_build.sqf | 12 +++---- SQF/dayz_code/actions/object_build.sqf | 2 +- SQF/dayz_code/actions/object_disassembly.sqf | 4 +-- SQF/dayz_code/actions/object_dismantle.sqf | 9 +---- SQF/dayz_code/actions/object_pickup.sqf | 2 +- .../actions/object_upgradeFireplace.sqf | 2 +- .../actions/object_upgradeStorage.sqf | 6 ++-- .../actions/object_upgradebuilding.sqf | 4 +-- SQF/dayz_code/actions/player_build.sqf | 12 +++---- .../actions/player_buildingDowngrade.sqf | 4 +-- SQF/dayz_code/actions/player_destroyTent.sqf | 11 ++----- SQF/dayz_code/actions/player_upgrade.sqf | 6 ++-- SQF/dayz_code/actions/remove.sqf | 2 +- SQF/dayz_code/actions/trade_any_bicycle.sqf | 4 +-- .../actions/trade_any_bicycle_old.sqf | 4 +-- SQF/dayz_code/actions/trade_any_boat.sqf | 4 +-- SQF/dayz_code/actions/trade_any_boat_old.sqf | 4 +-- SQF/dayz_code/actions/trade_any_vehicle.sqf | 4 +-- .../actions/trade_any_vehicle_free.sqf | 4 +-- .../actions/trade_any_vehicle_old.sqf | 4 +-- SQF/dayz_code/compile/player_packTent.sqf | 2 +- .../compile/player_upgradeVehicle.sqf | 2 +- SQF/dayz_code/init/publicEH.sqf | 2 +- SQF/dayz_code/init/variables.sqf | 6 ++-- SQF/dayz_code/system/player_monitor.fsm | 2 +- SQF/dayz_code/traps/functions/remove.sqf | 4 +-- SQF/dayz_server/compile/server_deleteObj.sqf | 14 ++++---- .../compile/server_deleteObjDirect.sqf | 5 ++- .../compile/server_handleSafeGear.sqf | 5 +-- .../compile/server_playerSetup.sqf | 10 +++--- .../compile/server_publishObject.sqf | 13 ++++++-- .../compile/server_publishVehicle2.sqf | 12 +++++-- .../compile/server_publishVehicle3.sqf | 16 ++++++--- SQF/dayz_server/compile/server_swapObject.sqf | 18 ++++++---- .../compile/server_toggle_debug.hpp | 2 +- .../compile/server_updateObject.sqf | 2 +- .../compile/server_verifySender.sqf | 33 +++++++++++++++++++ SQF/dayz_server/init/server_functions.sqf | 1 + 41 files changed, 154 insertions(+), 109 deletions(-) create mode 100644 SQF/dayz_server/compile/server_verifySender.sqf diff --git a/CHANGE LOG 1.0.6.2.txt b/CHANGE LOG 1.0.6.2.txt index ed2f26753..1aa515e62 100644 --- a/CHANGE LOG 1.0.6.2.txt +++ b/CHANGE LOG 1.0.6.2.txt @@ -5,7 +5,7 @@ [NEW] Added secondary iron sight to CZ550 and bolt animations to CZ550 and LeeEnfield by @Streatman [NEW] Added some basic compatibility for falconsan's Ruegen map (beta version released February 2016) [NEW] Admins can now define what parts are returned from modular building parts, see configVariables.sqf/DZE_modularConfig @oiad @BigEgg17 -[NEW] Basic server-side authentication for server_deleteObj, server owners and script makers should review the changes if using PVDZ_obj_Destroy/server_deleteObj and verify custom/redefined code is compliant with these changes https://github.com/EpochModTeam/DayZ-Epoch/commit/8035df0ba0cd928b84085e288c5cb88260870a3e +[NEW] Basic server-side authentication for DeleteObj, PublishObj, PublishVeh and SwapObj, admins and script makers should review the changes if using PVDZ_obj_Destroy/Publish, PVDZE_obj_Swap, PVDZE_veh_Publish/Upgrade or server_deleteObj and verify custom code is compliant with these changes. [NEW] BAF_L85A2_RIS_TWS_DZ to emulate the old behavior of the now NV only BAF_L85A2_RIS_CWS. Server owners must add the weapon on their own #1983 [NEW] Admins can now define a maximum build height, see configVariables.sqf/DZE_BuildHeightLimit. @BigEgg17 diff --git a/SQF/dayz_code/actions/AdvancedTrading/functions/DZE_deleteTradedVehicle.sqf b/SQF/dayz_code/actions/AdvancedTrading/functions/DZE_deleteTradedVehicle.sqf index 0ab2a8eb1..ec191a4b4 100644 --- a/SQF/dayz_code/actions/AdvancedTrading/functions/DZE_deleteTradedVehicle.sqf +++ b/SQF/dayz_code/actions/AdvancedTrading/functions/DZE_deleteTradedVehicle.sqf @@ -58,7 +58,7 @@ if ((count _VehKey2) > 0) then { if (isNil "_localResult2") then { _localResult2 = 0; } else { - PVDZ_obj_Destroy = [(_VehKey2 select 2),(_VehKey2 select 3),player,(_VehKey2 select 1),DZE_AuthKey]; + PVDZ_obj_Destroy = [(_VehKey2 select 2),(_VehKey2 select 3),player,(_VehKey2 select 1),dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle (_VehKey2 select 1); }; diff --git a/SQF/dayz_code/actions/AdvancedTrading/functions/z_at_buyItems.sqf b/SQF/dayz_code/actions/AdvancedTrading/functions/z_at_buyItems.sqf index 7ccb1f480..805562635 100644 --- a/SQF/dayz_code/actions/AdvancedTrading/functions/z_at_buyItems.sqf +++ b/SQF/dayz_code/actions/AdvancedTrading/functions/z_at_buyItems.sqf @@ -152,11 +152,11 @@ if (_enoughMoney) then { }; if (_buyingType in DZE_tradeVehicleKeyless) then { - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,true,"0",_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,true,"0",_activatingPlayer,dayz_authKey]; } else { - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_keySelected,_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_keySelected,_activatingPlayer,dayz_authKey]; }; - publicVariableServer "PVDZE_veh_Publish2"; + publicVariableServer "PVDZE_veh_Publish2"; _keySelected; }; diff --git a/SQF/dayz_code/actions/modular_build.sqf b/SQF/dayz_code/actions/modular_build.sqf index 809bdb000..6ce3474af 100644 --- a/SQF/dayz_code/actions/modular_build.sqf +++ b/SQF/dayz_code/actions/modular_build.sqf @@ -540,14 +540,14 @@ if (_canBuild select 0) then { //call publish precompiled function with given args and send public variable to server to save item to database if (DZE_permanentPlot) then { _tmpbuilt setVariable ["ownerPUID",dayz_playerUID,true]; - PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],[]]; + PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],[],player,dayz_authKey]; if (_lockable == 3) then { _friendsArr = [[dayz_playerUID,toArray (name player)]]; _tmpbuilt setVariable ["doorfriends", _friendsArr, true]; - PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],_friendsArr]; + PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],_friendsArr,player,dayz_authKey]; }; } else { - PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location, _vector],[]]; + PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location, _vector],[],player,dayz_authKey]; }; publicVariableServer "PVDZ_obj_Publish"; @@ -566,12 +566,12 @@ if (_canBuild select 0) then { if (_canBuild select 1) then { _friendsArr = [[dayz_playerUID,toArray (name player)]]; _tmpbuilt setVariable ["plotfriends", _friendsArr, true]; - PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],_friendsArr]; + PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],_friendsArr,player,dayz_authKey]; } else { - PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],[]]; + PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],[],player,dayz_authKey]; }; } else { - PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location, _vector],[]]; + PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location, _vector],[],player,dayz_authKey]; }; publicVariableServer "PVDZ_obj_Publish"; }; diff --git a/SQF/dayz_code/actions/object_build.sqf b/SQF/dayz_code/actions/object_build.sqf index 5ebb0dc1c..1e11ffc81 100644 --- a/SQF/dayz_code/actions/object_build.sqf +++ b/SQF/dayz_code/actions/object_build.sqf @@ -90,7 +90,7 @@ if (_build) then { */ _object setVariable ["characterID",dayz_characterID,true]; - PVDZ_obj_Publish = [dayz_characterID,_object,[round _direction, _location], _variables]; + PVDZ_obj_Publish = [dayz_characterID,_object,[round _direction,_location],_variables,player,dayz_authKey]; publicVariableServer "PVDZ_obj_Publish"; diag_log [diag_ticktime, __FILE__, "New Networked object, request to save to hive. PVDZ_obj_Publish:", PVDZ_obj_Publish]; diff --git a/SQF/dayz_code/actions/object_disassembly.sqf b/SQF/dayz_code/actions/object_disassembly.sqf index 3fc301536..7d9ef44a1 100644 --- a/SQF/dayz_code/actions/object_disassembly.sqf +++ b/SQF/dayz_code/actions/object_disassembly.sqf @@ -69,7 +69,7 @@ for "_i" from 1 to 20 do { if (_realObjectStillThere) then { // send to server the destroy request _realObjectStillThere = false; - PVDZ_obj_Destroy = [_objectID,_objectUID,player,_cursorTarget,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,player,_cursorTarget,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; diag_log [diag_ticktime, __FILE__, "Networked object, request to destroy", PVDZ_obj_Destroy]; } else { @@ -147,7 +147,7 @@ if (!_realObjectStillThere) then { _object setVariable ["ownerArray",_ownerArray,true]; _variables = [[ "ownerArray", _ownerArray]]; _object setVariable ["characterID",_characterID,true]; - PVDZ_obj_Publish = [dayz_characterID,_object,[_dir, _pos],_variables]; + PVDZ_obj_Publish = [dayz_characterID,_object,[_dir, _pos],_variables,player,dayz_authKey]; publicVariableServer "PVDZ_obj_Publish"; diag_log [diag_ticktime, __FILE__, "New Networked object, request to save to hive. PVDZ_obj_Publish:", PVDZ_obj_Publish]; /* diff --git a/SQF/dayz_code/actions/object_dismantle.sqf b/SQF/dayz_code/actions/object_dismantle.sqf index f35e4a9b2..a2cc0d5ee 100644 --- a/SQF/dayz_code/actions/object_dismantle.sqf +++ b/SQF/dayz_code/actions/object_dismantle.sqf @@ -127,16 +127,9 @@ if (_proceed) then { format [localize "STR_BLD_DISMANTLED",typeOf _object] call dayz_rollingMessages; - PVDZ_obj_Destroy = [_objectID,_objectUID,player,_object,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,player,_object,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; - if (isServer) then { - PVDZ_obj_Destroy call server_deleteObjDirect; - }; - - //Need to update for sanity no client should ever create or delete anything - //deleteVehicle _object; - [_dismantleToo,1,1] call fn_dropItem; }; diff --git a/SQF/dayz_code/actions/object_pickup.sqf b/SQF/dayz_code/actions/object_pickup.sqf index bf93d00fe..db3753ebf 100644 --- a/SQF/dayz_code/actions/object_pickup.sqf +++ b/SQF/dayz_code/actions/object_pickup.sqf @@ -79,7 +79,7 @@ if (_isOk) then { ["PartWoodPile",1,1] call fn_dropItem; ["equip_duct_tape",1,1] call fn_dropItem; }; - PVDZ_obj_Destroy = [(_holder getVariable["ObjectID","0"]),(_holder getVariable["ObjectUID","0"]),player,_holder,DZE_AuthKey]; + PVDZ_obj_Destroy = [(_holder getVariable["ObjectID","0"]),(_holder getVariable["ObjectUID","0"]),player,_holder,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; } else { deleteVehicle _holder; diff --git a/SQF/dayz_code/actions/object_upgradeFireplace.sqf b/SQF/dayz_code/actions/object_upgradeFireplace.sqf index f8b44e599..269467f98 100644 --- a/SQF/dayz_code/actions/object_upgradeFireplace.sqf +++ b/SQF/dayz_code/actions/object_upgradeFireplace.sqf @@ -158,7 +158,7 @@ if ((_startUpgrade) AND (isClass(_upgradeConfig))) then { [_object,true] call dayz_inflame; _object spawn player_fireMonitor; - PVDZ_obj_Publish = [dayz_characterID,_object,[_dir, _pos],[[[],[]],_magazines,[[],[]]]]; + PVDZ_obj_Publish = [dayz_characterID,_object,[_dir,_pos],[[[],[]],_magazines,[[],[]]],player,dayz_authKey]; publicVariableServer "PVDZ_obj_Publish"; diag_log [diag_ticktime, __FILE__, "New Networked object, request to save to hive. PVDZ_obj_Publish:", PVDZ_obj_Publish]; diff --git a/SQF/dayz_code/actions/object_upgradeStorage.sqf b/SQF/dayz_code/actions/object_upgradeStorage.sqf index e6f60ee33..5c68cdcb5 100644 --- a/SQF/dayz_code/actions/object_upgradeStorage.sqf +++ b/SQF/dayz_code/actions/object_upgradeStorage.sqf @@ -128,7 +128,7 @@ if ((_startUpgrade) AND (isClass(_upgradeConfig))) then { _backpacks = getBackpackCargo _cursorTarget; //remove old tent - PVDZ_obj_Destroy = [_objectID,_objectUID,player,_cursorTarget,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,player,_cursorTarget,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _cursorTarget; @@ -183,9 +183,9 @@ if ((_startUpgrade) AND (isClass(_upgradeConfig))) then { //publish new tent if (DZE_permanentPlot) then { _object setVariable ["ownerPUID",dayz_playerUID,true]; - PVDZ_obj_Publish = [dayz_characterID,_object,[_dir, _pos, dayz_playerUID],[_weapons,_magazines,_backpacks]]; + PVDZ_obj_Publish = [dayz_characterID,_object,[_dir,_pos,dayz_playerUID],[_weapons,_magazines,_backpacks],player,dayz_authKey]; } else { - PVDZ_obj_Publish = [dayz_characterID,_object,[_dir, _pos],[_weapons,_magazines,_backpacks]]; + PVDZ_obj_Publish = [dayz_characterID,_object,[_dir,_pos],[_weapons,_magazines,_backpacks],player,dayz_authKey]; }; publicVariableServer "PVDZ_obj_Publish"; diag_log [diag_ticktime, __FILE__, "New Networked object, request to save to hive. PVDZ_obj_Publish:", PVDZ_obj_Publish]; diff --git a/SQF/dayz_code/actions/object_upgradebuilding.sqf b/SQF/dayz_code/actions/object_upgradebuilding.sqf index d9249b8d0..5f706cf44 100644 --- a/SQF/dayz_code/actions/object_upgradebuilding.sqf +++ b/SQF/dayz_code/actions/object_upgradebuilding.sqf @@ -127,7 +127,7 @@ _object setVariable ["characterID",_characterID,true]; //remove old object //deleteVehicle _cursorTarget; -PVDZ_obj_Destroy = [_objectID,_objectUID,player,_cursorTarget,DZE_AuthKey]; +PVDZ_obj_Destroy = [_objectID,_objectUID,player,_cursorTarget,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; // create a weaponholder with dismissed parts @@ -140,7 +140,7 @@ _wh = "WeaponHolder" createVehicle (getPosATL player); //publish new object _variables = [["ownerArray", _ownerArray],["padlockCombination", _ownerPasscode]]; -PVDZ_obj_Publish = [dayz_characterID,_object,[_dir, _pos],_variables]; +PVDZ_obj_Publish = [dayz_characterID,_object,[_dir,_pos],_variables,player,dayz_authKey]; publicVariableServer "PVDZ_obj_Publish"; diag_log [diag_ticktime, __FILE__, "New Networked object, request to save to hive. PVDZ_obj_Publish:", PVDZ_obj_Publish]; /* diff --git a/SQF/dayz_code/actions/player_build.sqf b/SQF/dayz_code/actions/player_build.sqf index c5609dba2..416d3dbdf 100644 --- a/SQF/dayz_code/actions/player_build.sqf +++ b/SQF/dayz_code/actions/player_build.sqf @@ -405,14 +405,14 @@ if (_canBuild select 0) then { _tmpbuilt setVariable ["CharacterID",_combination,true]; if (DZE_permanentPlot) then { _tmpbuilt setVariable ["ownerPUID",dayz_playerUID,true]; - PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location,dayz_playerUID],[]]; + PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location,dayz_playerUID],[],player,dayz_authKey]; if (_lockable == 3) then { _friendsArr = [[dayz_playerUID,toArray (name player)]]; _tmpbuilt setVariable ["doorfriends", _friendsArr, true]; - PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],_friendsArr]; + PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location,dayz_playerUID,_vector],_friendsArr,player,dayz_authKey]; }; } else { - PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location],[]]; + PVDZ_obj_Publish = [_combination,_tmpbuilt,[_dir,_location],[],player,dayz_authKey]; }; publicVariableServer "PVDZ_obj_Publish"; @@ -431,12 +431,12 @@ if (_canBuild select 0) then { if (_canBuild select 1) then { _friendsArr = [[dayz_playerUID,toArray (name player)]]; _tmpbuilt setVariable ["plotfriends", _friendsArr, true]; - PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location,dayz_playerUID],_friendsArr]; + PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location,dayz_playerUID],_friendsArr,player,dayz_authKey]; } else { - PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location,dayz_playerUID],[]]; + PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location,dayz_playerUID],[],player,dayz_authKey]; }; } else { - PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location],[]]; + PVDZ_obj_Publish = [dayz_characterID,_tmpbuilt,[_dir,_location],[],player,dayz_authKey]; }; publicVariableServer "PVDZ_obj_Publish"; }; diff --git a/SQF/dayz_code/actions/player_buildingDowngrade.sqf b/SQF/dayz_code/actions/player_buildingDowngrade.sqf index 0f326234b..5bdd118de 100644 --- a/SQF/dayz_code/actions/player_buildingDowngrade.sqf +++ b/SQF/dayz_code/actions/player_buildingDowngrade.sqf @@ -113,9 +113,9 @@ if ((count _upgrade) > 0) then { if (DZE_permanentPlot) then { _ownerID = _obj getVariable["ownerPUID","0"]; _object setVariable ["ownerPUID",_ownerID,true]; - PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location,dayz_playerUID,_vector],_classname,_obj,player]; + PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location,dayz_playerUID,_vector],_classname,_obj,player,[],dayz_authKey]; } else { - PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location, _vector],_classname,_obj,player]; + PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location, _vector],_classname,_obj,player,[],dayz_authKey]; }; publicVariableServer "PVDZE_obj_Swap"; diff --git a/SQF/dayz_code/actions/player_destroyTent.sqf b/SQF/dayz_code/actions/player_destroyTent.sqf index f0cd3da59..56a8b9b8f 100644 --- a/SQF/dayz_code/actions/player_destroyTent.sqf +++ b/SQF/dayz_code/actions/player_destroyTent.sqf @@ -65,16 +65,11 @@ player addMagazine _emptycan; // Added Nutrition-Factor for work ["Working",0,[20,40,15,0]] call dayz_NutritionSystem; -PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,DZE_AuthKey,false]; +PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,dayz_authKey,false]; publicVariableServer "PVDZ_obj_Destroy"; -//Send killed for object -if (isServer) then { - PVDZ_obj_Destroy call server_deleteObjDirect; -} else { - PVDZ_veh_Save = [_obj, "killed"]; - publicVariableServer "PVDZ_veh_Save"; -}; +PVDZ_veh_Save = [_obj, "killed"]; +publicVariableServer "PVDZ_veh_Save"; //Set fire to item onFire = [_obj,_fireIntensity,time,false,true] spawn BIS_Effects_Burn; diff --git a/SQF/dayz_code/actions/player_upgrade.sqf b/SQF/dayz_code/actions/player_upgrade.sqf index 08ef8a5ba..8dee6e26c 100644 --- a/SQF/dayz_code/actions/player_upgrade.sqf +++ b/SQF/dayz_code/actions/player_upgrade.sqf @@ -137,12 +137,12 @@ if ((count _upgrade) > 0) then { if (_lockable == 3) then { _friendsArr = [[dayz_playerUID,toArray (name player)]]; _object setVariable ["doorfriends", _friendsArr, true]; - PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location,_ownerID,_vector],_classname,_obj,player,_friendsArr]; + PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location,_ownerID,_vector],_classname,_obj,player,_friendsArr,dayz_authKey]; } else { - PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location,_ownerID,_vector],_classname,_obj,player]; + PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location,_ownerID,_vector],_classname,_obj,player,[],dayz_authKey]; }; } else { - PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location,_vector],_classname,_obj,player]; + PVDZE_obj_Swap = [_objectCharacterID,_object,[_dir,_location,_vector],_classname,_obj,player,[],dayz_authKey]; }; publicVariableServer "PVDZE_obj_Swap"; diff --git a/SQF/dayz_code/actions/remove.sqf b/SQF/dayz_code/actions/remove.sqf index 3502d5c78..c68b129fd 100644 --- a/SQF/dayz_code/actions/remove.sqf +++ b/SQF/dayz_code/actions/remove.sqf @@ -152,7 +152,7 @@ if (_proceed && _success) then { _ipos = getPosATL _obj; if(!_isWreck && !_isWreckBuilding) then { - PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; }; diff --git a/SQF/dayz_code/actions/trade_any_bicycle.sqf b/SQF/dayz_code/actions/trade_any_bicycle.sqf index 667bfc075..a82896b5a 100644 --- a/SQF/dayz_code/actions/trade_any_bicycle.sqf +++ b/SQF/dayz_code/actions/trade_any_bicycle.sqf @@ -123,7 +123,7 @@ if (_finished) then { _location = [_sign] call FNC_GetPos; [_part_out,_sign] call fn_waitForObject; - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,true,dayz_characterID,_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,true,dayz_characterID,_activatingPlayer,dayz_authKey]; publicVariableServer "PVDZE_veh_Publish2"; format[localize "STR_EPOCH_PLAYER_180",_qty_in,_textPartIn,_textPartOut] call dayz_rollingMessages; @@ -183,7 +183,7 @@ if (_finished) then { //if(_objectID != "0" && _objectUID != "0") then { - PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; diff --git a/SQF/dayz_code/actions/trade_any_bicycle_old.sqf b/SQF/dayz_code/actions/trade_any_bicycle_old.sqf index f835550bc..f39ccf9eb 100644 --- a/SQF/dayz_code/actions/trade_any_bicycle_old.sqf +++ b/SQF/dayz_code/actions/trade_any_bicycle_old.sqf @@ -108,7 +108,7 @@ if (_qty >= _qty_in) then { _location = [_sign] call FNC_GetPos; [_part_out,_sign] call fn_waitForObject; - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,true,dayz_characterID,_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,true,dayz_characterID,_activatingPlayer,dayz_authKey]; publicVariableServer "PVDZE_veh_Publish2"; format[localize "str_epoch_player_180",_qty_in,_textPartIn,_textPartOut] call dayz_rollingMessages; @@ -156,7 +156,7 @@ if (_qty >= _qty_in) then { _objectID = _obj getVariable ["ObjectID","0"]; _objectUID = _obj getVariable ["ObjectUID","0"]; - PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; diff --git a/SQF/dayz_code/actions/trade_any_boat.sqf b/SQF/dayz_code/actions/trade_any_boat.sqf index d865f5713..cb1d9b313 100644 --- a/SQF/dayz_code/actions/trade_any_boat.sqf +++ b/SQF/dayz_code/actions/trade_any_boat.sqf @@ -128,7 +128,7 @@ if (_finished) then { _location = [_sign] call FNC_GetPos; [_part_out,_sign] call fn_waitForObject; - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_result select 1,_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_result select 1,_activatingPlayer,dayz_authKey]; publicVariableServer "PVDZE_veh_Publish2"; format[localize "STR_EPOCH_ACTIONS_11",_qty_in,_textPartIn,_textPartOut] call dayz_rollingMessages; @@ -159,7 +159,7 @@ if (_finished) then { if(local _obj && !isNull _obj && alive _obj && !_notSetup) then { - PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; diff --git a/SQF/dayz_code/actions/trade_any_boat_old.sqf b/SQF/dayz_code/actions/trade_any_boat_old.sqf index a00c351a0..4def55c7e 100644 --- a/SQF/dayz_code/actions/trade_any_boat_old.sqf +++ b/SQF/dayz_code/actions/trade_any_boat_old.sqf @@ -114,7 +114,7 @@ if (_qty >= _qty_in) then { _location = [_sign] call FNC_GetPos; [_part_out,_sign] call fn_waitForObject; - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_result select 1,_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_result select 1,_activatingPlayer,dayz_authKey]; publicVariableServer "PVDZE_veh_Publish2"; format["Bought %3 for %1 %2, key added to toolbelt.",_qty_in,_textPartIn,_textPartOut] call dayz_rollingMessages; @@ -142,7 +142,7 @@ if (_qty >= _qty_in) then { _objectID = _obj getVariable ["ObjectID","0"]; _objectUID = _obj getVariable ["ObjectUID","0"]; - PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; diff --git a/SQF/dayz_code/actions/trade_any_vehicle.sqf b/SQF/dayz_code/actions/trade_any_vehicle.sqf index 21da65915..a546e69ef 100644 --- a/SQF/dayz_code/actions/trade_any_vehicle.sqf +++ b/SQF/dayz_code/actions/trade_any_vehicle.sqf @@ -127,7 +127,7 @@ if (_finished) then { _location = [_sign] call FNC_GetPos; [_part_out,_sign] call fn_waitForObject; - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_result select 1,_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_result select 1,_activatingPlayer,dayz_authKey]; publicVariableServer "PVDZE_veh_Publish2"; format[localize "STR_EPOCH_ACTIONS_11",_qty_in,_textPartIn,_textPartOut] call dayz_rollingMessages; @@ -189,7 +189,7 @@ if (_finished) then { //if(_objectID != "0" && _objectUID != "0") then { - PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; diff --git a/SQF/dayz_code/actions/trade_any_vehicle_free.sqf b/SQF/dayz_code/actions/trade_any_vehicle_free.sqf index a585f235f..ea194f49e 100644 --- a/SQF/dayz_code/actions/trade_any_vehicle_free.sqf +++ b/SQF/dayz_code/actions/trade_any_vehicle_free.sqf @@ -126,7 +126,7 @@ if (_finished) then { _location = [_sign] call FNC_GetPos; [_part_out,_sign] call fn_waitForObject; - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,true,0,_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,true,0,_activatingPlayer,dayz_authKey]; publicVariableServer "PVDZE_veh_Publish2"; }; @@ -185,7 +185,7 @@ if (_finished) then { //if(_objectID != "0" && _objectUID != "0") then { - PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; diff --git a/SQF/dayz_code/actions/trade_any_vehicle_old.sqf b/SQF/dayz_code/actions/trade_any_vehicle_old.sqf index 106eb054f..e526df4be 100644 --- a/SQF/dayz_code/actions/trade_any_vehicle_old.sqf +++ b/SQF/dayz_code/actions/trade_any_vehicle_old.sqf @@ -112,7 +112,7 @@ if (_qty >= _qty_in) then { _location = [_sign] call FNC_GetPos; [_part_out,_sign] call fn_waitForObject; - PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_result select 1,_activatingPlayer]; + PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_result select 1,_activatingPlayer,dayz_authKey]; publicVariableServer "PVDZE_veh_Publish2"; format["Bought %3 for %1 %2, key added to toolbelt.",_qty_in,_textPartIn,_textPartOut] call dayz_rollingMessages; @@ -163,7 +163,7 @@ if (_qty >= _qty_in) then { _objectID = _obj getVariable ["ObjectID","0"]; _objectUID = _obj getVariable ["ObjectUID","0"]; - PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,_activatingPlayer,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; diff --git a/SQF/dayz_code/compile/player_packTent.sqf b/SQF/dayz_code/compile/player_packTent.sqf index 822504043..377211e1d 100644 --- a/SQF/dayz_code/compile/player_packTent.sqf +++ b/SQF/dayz_code/compile/player_packTent.sqf @@ -53,7 +53,7 @@ if (_ownerID in [dayz_characterID,dayz_playerUID] or typeOf _obj in _campItems) _magazines = getMagazineCargo _obj; _backpacks = getBackpackCargo _obj; - PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; diff --git a/SQF/dayz_code/compile/player_upgradeVehicle.sqf b/SQF/dayz_code/compile/player_upgradeVehicle.sqf index c4f881786..002c6d75e 100644 --- a/SQF/dayz_code/compile/player_upgradeVehicle.sqf +++ b/SQF/dayz_code/compile/player_upgradeVehicle.sqf @@ -127,7 +127,7 @@ if (_IsNearVehicle >= 1) then { [_newclassname,objNull] call fn_waitForObject; dze_waiting = nil; - PVDZE_veh_Upgrade = [_vehicle,[_dir,_location],_newclassname,true,_objectCharacterID,player]; + PVDZE_veh_Upgrade = [_vehicle,[_dir,_location],_newclassname,true,_objectCharacterID,player,dayz_authKey]; publicVariableServer "PVDZE_veh_Upgrade"; //Wait for hive to finish spawning vehicle. Prevents dupe via player queuing multiple upgrades. diff --git a/SQF/dayz_code/init/publicEH.sqf b/SQF/dayz_code/init/publicEH.sqf index c428c3a08..5f0e57fcd 100644 --- a/SQF/dayz_code/init/publicEH.sqf +++ b/SQF/dayz_code/init/publicEH.sqf @@ -3,7 +3,7 @@ "PVDZ_drg_RLact" addPublicVariableEventHandler {[_this select 1] execVM "\z\addons\dayz_code\medical\load\load_wounded.sqf"}; "PVDZ_hlt_Bleed" addPublicVariableEventHandler {(_this select 1) spawn fnc_usec_damageBleed}; "PVCDZ_veh_SH" addPublicVariableEventHandler {(_this select 1) call fnc_veh_handleDam}; // set damage to vehicle part -"PVCDZ_obj_Damage" addPublicVariableEventHandler {(_this select 1) call fnc_Obj_FenceHandleDam}; // set damage to object. +//"PVCDZ_obj_Damage" addPublicVariableEventHandler {(_this select 1) call fnc_Obj_FenceHandleDam}; // set damage to object. //Vanilla fences not used in Epoch "PVDZ_veh_SF" addPublicVariableEventHandler {(_this select 1) call fnc_veh_handleRepair}; // repair a part from a vehicle "PVCDZ_obj_HideBody" addPublicVariableEventHandler {hideBody (_this select 1)}; "PVCDZ_obj_GutBody" addPublicVariableEventHandler {(_this select 1) spawn local_gutObject}; diff --git a/SQF/dayz_code/init/variables.sqf b/SQF/dayz_code/init/variables.sqf index fa3e4be1e..68779162d 100644 --- a/SQF/dayz_code/init/variables.sqf +++ b/SQF/dayz_code/init/variables.sqf @@ -539,8 +539,8 @@ DZE_maintainRange = ((DZE_PlotPole select 0)+20); if (isNil "DZE_slowZombies") then {DZE_slowZombies = false;}; if (isServer) then { - DZE_ServerPUIDArray = []; - DZE_ServerClientKeys = []; + dayz_serverPUIDArray = []; + dayz_serverClientKeys = []; dayz_traps = []; dead_bodyCleanup = []; needUpdate_objects = []; @@ -570,7 +570,7 @@ if (isServer) then { }; if (!isDedicated) then { - DZE_AuthKey = ""; + dayz_authKey = ""; DZE_LastPingResp = diag_tickTime; dayz_buildingBubbleMonitor = []; DayZ_fuelCans = ["ItemJerrycan","ItemFuelcan","ItemFuelBarrel"]; diff --git a/SQF/dayz_code/system/player_monitor.fsm b/SQF/dayz_code/system/player_monitor.fsm index b82366e6c..d8d0addc6 100644 --- a/SQF/dayz_code/system/player_monitor.fsm +++ b/SQF/dayz_code/system/player_monitor.fsm @@ -738,7 +738,7 @@ class FSM "" \n "_worldspace = PVCDZ_plr_Login2 select 0;" \n "_state = PVCDZ_plr_Login2 select 1;" \n - "DZE_AuthKey = PVCDZ_plr_Login2 select 2;" \n + "dayz_authKey = PVCDZ_plr_Login2 select 2;" \n "" \n "player setVariable [""Achievements"",[],false];" \n "" \n diff --git a/SQF/dayz_code/traps/functions/remove.sqf b/SQF/dayz_code/traps/functions/remove.sqf index e2645c0f4..9be57c726 100644 --- a/SQF/dayz_code/traps/functions/remove.sqf +++ b/SQF/dayz_code/traps/functions/remove.sqf @@ -5,12 +5,12 @@ _objectID = _obj getVariable ["ObjectID","0"]; _objectUID = _obj getVariable ["ObjectUID","0"]; if (isServer) then { - [_objectID,_objectUID,"__SERVER__",_obj] call server_deleteObjDirect; + [_objectID,_objectUID] call server_deleteObjDirect; } else { if (count _this == 2) then { //single use trap triggered, remove with no animation //For normal remove let object_pickup.sqf perform deletion to ensure player has room in gear first, no others remove at same time and animation runs - PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,DZE_AuthKey]; + PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,dayz_authKey]; publicVariableServer "PVDZ_obj_Destroy"; //deleteVehicle _obj; }; diff --git a/SQF/dayz_server/compile/server_deleteObj.sqf b/SQF/dayz_server/compile/server_deleteObj.sqf index 53b9b6e3e..fc62497dd 100644 --- a/SQF/dayz_server/compile/server_deleteObj.sqf +++ b/SQF/dayz_server/compile/server_deleteObj.sqf @@ -1,8 +1,8 @@ /* -[_objectID,_objectUID,_activatingPlayer,_object,DZE_AuthKey] call server_deleteObj; +[_objectID,_objectUID,_activatingPlayer,_object,dayz_authKey] call server_deleteObj; For PV calls from the client use this function, otherwise if calling directly from the server use server_deleteObjDirect */ -private["_id","_uid","_key","_activatingPlayer","_object","_clientKey","_PlayerUID","_PUIDIndex","_processDelete"]; +private["_id","_uid","_key","_activatingPlayer","_object","_clientKey","_exitReason","_PlayerUID","_processDelete"]; if (count _this < 5) exitWith {diag_log "Server_DeleteObj error: Improper parameter format";}; _id = _this select 0; @@ -12,11 +12,9 @@ _object = _this select 3; _clientKey = _this select 4; _processDelete = if (count _this > 5) then {_this select 5} else {true}; _PlayerUID = getPlayerUID _activatingPlayer; -_PUIDIndex = DZE_ServerPUIDArray find _PlayerUID; -if (_object distance _activatingPlayer > (Z_VehicleDistance + 10)) exitWith {diag_log format["Server_DeleteObj error: Delete verification failed, referenced player is too far away from object. PV ARRAY: %1", _this];}; -if (_PUIDIndex < 0) exitWith {diag_log format["Server_DeleteObj error: PUID NOT FOUND ON SERVER. PV ARRAY: %1", _this];}; -if ((((DZE_ServerClientKeys select _PUIDIndex) select 0) != (owner _activatingPlayer)) || (((DZE_ServerClientKeys select _PUIDIndex) select 1) != _clientKey)) exitWith {diag_log format["Server_DeleteObj error: CLIENT AUTH KEY INCORRECT OR UNRECOGNIZED. PV ARRAY: %1", _this];}; +_exitReason = [_this,"DeleteObj",_object,_clientKey,_PlayerUID,_activatingPlayer] call server_verifySender; +if (_exitReason != "") exitWith {diag_log _exitReason}; if (isServer) then { if (_processDelete) then {deleteVehicle _object}; @@ -25,11 +23,11 @@ if (isServer) then { //Send request _key = format["CHILD:304:%1:",_id]; _key call server_hiveWrite; - diag_log format["DELETE: Player %1 with Player UID %2 deleted object with ID: %3",_activatingPlayer, _PlayerUID, _id]; + diag_log format["DELETE: Player %1(%2) deleted object with ID: %3",_activatingPlayer, _PlayerUID, _id]; } else { //Send request _key = format["CHILD:310:%1:",_uid]; _key call server_hiveWrite; - diag_log format["DELETE: Player %1 with Player UID %2 deleted object with UID: %3",_activatingPlayer, _PlayerUID, _uid]; + diag_log format["DELETE: Player %1(%2) deleted object with UID: %3",_activatingPlayer, _PlayerUID, _uid]; }; }; \ No newline at end of file diff --git a/SQF/dayz_server/compile/server_deleteObjDirect.sqf b/SQF/dayz_server/compile/server_deleteObjDirect.sqf index aa5af451c..ab2fbae7b 100644 --- a/SQF/dayz_server/compile/server_deleteObjDirect.sqf +++ b/SQF/dayz_server/compile/server_deleteObjDirect.sqf @@ -1,11 +1,10 @@ /* -[_objectID,_objectUID,_activatingPlayer] call server_deleteObjDirect; +[_objectID,_objectUID] call server_deleteObjDirect; */ -private["_id","_uid","_key","_activatingPlayer"]; +private["_id","_uid","_key"]; _id = _this select 0; _uid = _this select 1; -_activatingPlayer = _this select 2; if (isServer) then { //remove from database diff --git a/SQF/dayz_server/compile/server_handleSafeGear.sqf b/SQF/dayz_server/compile/server_handleSafeGear.sqf index c08933e9f..4f7755e1d 100644 --- a/SQF/dayz_server/compile/server_handleSafeGear.sqf +++ b/SQF/dayz_server/compile/server_handleSafeGear.sqf @@ -98,7 +98,8 @@ switch (_status) do { _holder setVariable ["BackpackCargo",_backpacks,false]; }; case 2: { //Packing - _packedClass = getText (configFile >> "CfgVehicles" >> _type >> "packedClass"); + _packedClass = getText (configFile >> "CfgVehicles" >> _type >> "packedClass"); + if (_packedClass == "") exitWith {diag_log format["Server_HandleSafeGear Error: invalid object type: %1",_type];}; _weapons = getWeaponCargo _obj; _magazines = getMagazineCargo _obj; _backpacks = getBackpackCargo _obj; @@ -112,7 +113,7 @@ switch (_status) do { [_weapons,_magazines,_backpacks,_holder] call server_addCargo; // Delete safe from database - [_objectID,_objectUID,_player] call server_deleteObjDirect; + [_objectID,_objectUID] call server_deleteObjDirect; }; }; diff --git a/SQF/dayz_server/compile/server_playerSetup.sqf b/SQF/dayz_server/compile/server_playerSetup.sqf index ec8fb9c07..e39ddf0eb 100644 --- a/SQF/dayz_server/compile/server_playerSetup.sqf +++ b/SQF/dayz_server/compile/server_playerSetup.sqf @@ -225,17 +225,17 @@ _playerObj setVariable ["lastPos",getPosATL _playerObj]; _clientID = owner _playerObj; _randomKey = []; -_randomInput = toArray "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*"; +_randomInput = toArray "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$^*"; for "_i" from 0 to 12 do { _randomKey set [count _randomKey, (_randomInput call BIS_fnc_selectRandom)]; }; _randomKey = toString _randomKey; -_findIndex = DZE_ServerPUIDArray find _playerID; +_findIndex = dayz_serverPUIDArray find _playerID; if (_findIndex > -1) then { - DZE_ServerClientKeys set [_findIndex, [_clientID,_randomKey]]; + dayz_serverClientKeys set [_findIndex, [_clientID,_randomKey]]; } else { - DZE_ServerPUIDArray set [(count DZE_ServerPUIDArray), _playerID]; - DZE_ServerClientKeys set [(count DZE_ServerClientKeys), [_clientID,_randomKey]]; + dayz_serverPUIDArray set [(count dayz_serverPUIDArray), _playerID]; + dayz_serverClientKeys set [(count dayz_serverClientKeys), [_clientID,_randomKey]]; }; PVCDZ_plr_Login2 = [_worldspace,_state,_randomKey]; diff --git a/SQF/dayz_server/compile/server_publishObject.sqf b/SQF/dayz_server/compile/server_publishObject.sqf index 74c6bfd81..d2a7eefc6 100644 --- a/SQF/dayz_server/compile/server_publishObject.sqf +++ b/SQF/dayz_server/compile/server_publishObject.sqf @@ -1,13 +1,20 @@ #include "\z\addons\dayz_server\compile\server_toggle_debug.hpp" -private ["_type","_objectUID","_characterID","_object","_worldspace","_key","_ownerArray","_inventory"]; +private ["_type","_objectUID","_characterID","_object","_worldspace","_key","_ownerArray","_inventory","_clientKey","_exitReason","_player","_playerUID"]; + +if (count _this < 6) exitWith {diag_log "Server_PublishObj error: Wrong parameter format";}; _characterID = _this select 0; _object = _this select 1; _worldspace = _this select 2; _inventory = _this select 3; -if (typeName _inventory != "ARRAY") then {_inventory = [];}; //Temp fix for error in player_build.sqf in 1.0.6 release +_player = _this select 4; +_clientKey = _this select 5; _type = typeOf _object; +_playerUID = getPlayerUID _player; + +_exitReason = [_this,"PublishObj",(_worldspace select 1),_clientKey,_playerUID,_player] call server_verifySender; +if (_exitReason != "") exitWith {diag_log _exitReason}; if ([_object, "Server"] call check_publishobject) then { //diag_log ("PUBLISH: Attempt " + str(_object)); @@ -35,7 +42,7 @@ if ([_object, "Server"] call check_publishobject) then { dayz_serverObjectMonitor set [count dayz_serverObjectMonitor,_object]; #ifdef OBJECT_DEBUG - diag_log ["PUBLISH: Created ",_type,"ObjectUID", _objectUID,"characterID", _characterID, " with variables/inventory:", _inventory ]; + diag_log format["PUBLISH: Player %1(%2) created %3 with UID:%4 CID:%5 @%6 inventory:%7",_player,_playerUID,_type,_objectUID,_characterID,((_worldspace select 1) call fa_coor2str),_inventory]; #endif } else { diff --git a/SQF/dayz_server/compile/server_publishVehicle2.sqf b/SQF/dayz_server/compile/server_publishVehicle2.sqf index e89fdf68f..f031e785b 100644 --- a/SQF/dayz_server/compile/server_publishVehicle2.sqf +++ b/SQF/dayz_server/compile/server_publishVehicle2.sqf @@ -1,12 +1,18 @@ -private ["_activatingPlayer","_isOK","_worldspace","_location","_dir","_class","_uid","_key","_keySelected","_characterID","_donotusekey","_object","_result","_outcome","_oid","_object_para"]; -//PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_keySelected,_activatingPlayer]; +private ["_activatingPlayer","_isOK","_worldspace","_location","_dir","_class","_uid","_key","_keySelected","_characterID","_donotusekey","_object","_result","_outcome","_oid","_object_para","_clientKey","_exitReason","_playerUID"]; #include "\z\addons\dayz_server\compile\server_toggle_debug.hpp" +if (count _this < 6) exitWith {diag_log "Server_PublishVehicle2 error: Wrong parameter format";}; + _worldspace = _this select 0; _class = _this select 1; _donotusekey = _this select 2; _keySelected = _this select 3; _activatingPlayer = _this select 4; +_clientKey = _this select 5; +_playerUID = getPlayerUID _activatingPlayer; + +_exitReason = [_this,"PublishVehicle2",(_worldspace select 1),_clientKey,_playerUID,_activatingPlayer] call server_verifySender; +if (_exitReason != "") exitWith {diag_log _exitReason}; if(_donotusekey) then { _isOK = true; @@ -89,5 +95,5 @@ if (_outcome != "PASS") then { PVDZE_veh_Init = _object; publicVariable "PVDZE_veh_Init"; - diag_log format["PUBLISH: %1(%2) bought %3 with ObjectUID %4",if (alive _activatingPlayer) then {name _activatingPlayer} else {"DeadPlayer"},getPlayerUID _activatingPlayer,_class,_uid]; + diag_log format["PUBLISH: %1(%2) bought %3 with UID %4 @%5",_activatingPlayer,_playerUID,_class,_uid,(_location call fa_coor2str)]; }; diff --git a/SQF/dayz_server/compile/server_publishVehicle3.sqf b/SQF/dayz_server/compile/server_publishVehicle3.sqf index a1e3dd459..095142ff5 100644 --- a/SQF/dayz_server/compile/server_publishVehicle3.sqf +++ b/SQF/dayz_server/compile/server_publishVehicle3.sqf @@ -1,17 +1,23 @@ -private ["_activatingPlayer","_object","_worldspace","_location","_dir","_class","_uid","_key","_keySelected","_characterID","_donotusekey","_result","_outcome","_oid","_countr","_objectID","_objectUID","_newobject","_weapons","_magazines","_backpacks","_objWpnTypes","_objWpnQty"]; -//PVDZE_veh_Upgrade = [_veh,[_dir,_location],_part_out,false,_keySelected,_activatingPlayer]; +private ["_activatingPlayer","_object","_worldspace","_location","_dir","_class","_uid","_key","_keySelected","_characterID","_donotusekey","_result","_outcome","_oid","_countr","_objectID","_objectUID","_newobject","_weapons","_magazines","_backpacks","_objWpnTypes","_objWpnQty","_clientKey","_playerUID"]; #include "\z\addons\dayz_server\compile\server_toggle_debug.hpp" +if (count _this < 7) exitWith {diag_log "Server_PublishVehicle3 error: Wrong parameter format";}; + _object = _this select 0; _worldspace = _this select 1; _class = _this select 2; _donotusekey = _this select 3; _keySelected = _this select 4; _activatingPlayer = _this select 5; +_clientKey = _this select 6; +_playerUID = getPlayerUID _activatingPlayer; _characterID = _keySelected; +_exitReason = [_this,"PublishVehicle3",(_worldspace select 1),_clientKey,_playerUID,_activatingPlayer] call server_verifySender; +if (_exitReason != "") exitWith {diag_log _exitReason}; + if (!(isClass(configFile >> "CfgVehicles" >> _class)) || isNull _object) exitWith { - diag_log ("HIVE-pv3: Vehicle does not exist: "+ str(_class)); + diag_log ("HIVE-PublishVehicle3 Error: Vehicle does not exist: "+ str(_class)); dze_waiting = "fail"; (owner _activatingPlayer) publicVariableClient "dze_waiting"; }; @@ -70,7 +76,7 @@ if (_outcome != "PASS") then { _newobject = _class createVehicle [0,0,0]; // remove old vehicle from DB - [_objectID,_objectUID,_activatingPlayer] call server_deleteObjDirect; + [_objectID,_objectUID] call server_deleteObjDirect; // switch var to new vehicle at this point. _object = _newobject; @@ -119,5 +125,5 @@ if (_outcome != "PASS") then { dze_waiting = "success"; (owner _activatingPlayer) publicVariableClient "dze_waiting"; - diag_log ("PUBLISH: " + str(_activatingPlayer) + " Upgraded " + (_class) + " with ID " + str(_uid)); + diag_log format["PUBLISH: %1(%2) upgraded %3 with UID %4 @%5",_activatingPlayer,_playerUID,_class,_uid,(_location call fa_coor2str)]; }; \ No newline at end of file diff --git a/SQF/dayz_server/compile/server_swapObject.sqf b/SQF/dayz_server/compile/server_swapObject.sqf index b5cccc617..7c505da91 100644 --- a/SQF/dayz_server/compile/server_swapObject.sqf +++ b/SQF/dayz_server/compile/server_swapObject.sqf @@ -1,16 +1,22 @@ -private ["_class","_uid","_charID","_object","_worldspace","_key","_allowed","_obj","_inv","_objectID","_objectUID","_proceed","_activatingplayer"]; -//[dayz_characterID,_tent,[_dir,_location],"TentStorage"] +private ["_class","_uid","_charID","_object","_worldspace","_key","_allowed","_obj","_inv","_objectID","_objectUID","_proceed","_activatingplayer","_clientKey","_exitReason","_playerUID"]; + +if (count _this < 8) exitWith {diag_log "Server_SwapObject error: Wrong parameter format";}; + _charID = _this select 0; _object = _this select 1; _worldspace = _this select 2; _class = _this select 3; _obj = _this select 4; _activatingplayer = _this select 5; -_inv = if (count _this > 6) then {_this select 6} else {[]}; +_inv = _this select 6; +_clientKey = _this select 7; _proceed = false; - _objectID = "0"; _objectUID = "0"; +_playerUID = getPlayerUID _activatingPlayer; + +_exitReason = [_this,"SwapObject",(_worldspace select 1),_clientKey,_playerUID,_activatingPlayer] call server_verifySender; +if (_exitReason != "") exitWith {diag_log _exitReason}; if(!isNull(_obj)) then { // Find objectID @@ -33,7 +39,7 @@ if(isNull(_object)) then { if(_objectID == "0" && _objectUID == "0") then { _proceed = false; } else { - [_objectID,_objectUID,_activatingplayer,_obj] call server_deleteObjDirect; + [_objectID,_objectUID] call server_deleteObjDirect; }; _allowed = [_object, "Server"] call check_publishobject; @@ -75,4 +81,4 @@ _object enableSimulation false; dayz_serverObjectMonitor set [count dayz_serverObjectMonitor,_object]; -diag_log ("PUBLISH: " + str(_activatingPlayer) + " upgraded " + (_class) + " with ID " + str(_uid)); +diag_log format["PUBLISH: Player %1(%2) upgraded or downgraded object to %3 with UID:%4 @%5",_activatingPlayer,_playerUID,_class,_uid,((_worldspace select 1) call fa_coor2str)]; \ No newline at end of file diff --git a/SQF/dayz_server/compile/server_toggle_debug.hpp b/SQF/dayz_server/compile/server_toggle_debug.hpp index a52aa7f49..93236a8cf 100644 --- a/SQF/dayz_server/compile/server_toggle_debug.hpp +++ b/SQF/dayz_server/compile/server_toggle_debug.hpp @@ -9,7 +9,7 @@ Please request permission to use/alter/distribute from project leader (R4Z0R49) #define LOGIN_DEBUG // comment this out if you don't want any VEHICLE/TENT/OBJECT related debug -#define OBJECT_DEBUG +//#define OBJECT_DEBUG // comment this out if you don't want any PLAYER (WORLDSPACE/INVENTORY/ETC) related debug #define PLAYER_DEBUG diff --git a/SQF/dayz_server/compile/server_updateObject.sqf b/SQF/dayz_server/compile/server_updateObject.sqf index e1de01b36..08b54ce6b 100644 --- a/SQF/dayz_server/compile/server_updateObject.sqf +++ b/SQF/dayz_server/compile/server_updateObject.sqf @@ -192,7 +192,7 @@ _object_killed = { diag_log format["DELETE: Deleted by KEY: %1",_key]; #endif - if (((typeOf _object) in DayZ_removableObjects) or ((typeOf _object) in DZE_isRemovable)) then {[_objectID,_objectUID,"__SERVER__"] call server_deleteObjDirect;}; + if (((typeOf _object) in DayZ_removableObjects) or ((typeOf _object) in DZE_isRemovable)) then {[_objectID,_objectUID] call server_deleteObjDirect;}; }; _object_maintenance = { diff --git a/SQF/dayz_server/compile/server_verifySender.sqf b/SQF/dayz_server/compile/server_verifySender.sqf new file mode 100644 index 000000000..2749661f6 --- /dev/null +++ b/SQF/dayz_server/compile/server_verifySender.sqf @@ -0,0 +1,33 @@ +/* + PVEH does not provide any information about the sender in A2, so + this is necessary to verify the sender was not spoofed. +*/ + +private ["_clientKey","_exitReason","_function","_index","_object","_params","_player","_playerUID"]; + +_params = _this select 0; +_function = "Server_" + (_this select 1); +_object = _this select 2; +_clientKey = _this select 3; +_playerUID = _this select 4; +_player = _this select 5; + +_index = dayz_serverPUIDArray find _playerUID; + +_exitReason = switch true do { + //If object or player is null distance returns 9999+ + //If object or player was moved with setPos on client, position takes a second to update on server + //Coordinates can be used in place of object + case (_object distance _player > (Z_VehicleDistance + 10)): { + format["%1 error: Verification failed, player is too far from object. PV ARRAY: %2",_function,_params] + }; + case (_index < 0): { + format["%1 error: PUID NOT FOUND ON SERVER. PV ARRAY: %2",_function,_params] + }; + case (((dayz_serverClientKeys select _index) select 0 != owner _player) or ((dayz_serverClientKeys select _index) select 1 != _clientKey)): { + format["%1 error: CLIENT AUTH KEY INCORRECT OR UNRECOGNIZED. PV ARRAY: %2",_function,_params] + }; + default {""}; +}; + +_exitReason \ No newline at end of file diff --git a/SQF/dayz_server/init/server_functions.sqf b/SQF/dayz_server/init/server_functions.sqf index ba15eb660..1948c4080 100644 --- a/SQF/dayz_server/init/server_functions.sqf +++ b/SQF/dayz_server/init/server_functions.sqf @@ -28,6 +28,7 @@ base_fireMonitor = compile preprocessFileLineNumbers "\z\addons\dayz_code\system //server_systemCleanup = compile preprocessFileLineNumbers "\z\addons\dayz_server\system\server_cleanup.sqf"; spawnComposition = compile preprocessFileLineNumbers "ca\modules\dyno\data\scripts\objectMapper.sqf"; //"\z\addons\dayz_code\compile\object_mapper.sqf"; server_sendToClient = compile preprocessFileLineNumbers "\z\addons\dayz_server\eventHandlers\server_sendToClient.sqf"; +server_verifySender = compile preprocessFileLineNumbers "\z\addons\dayz_server\compile\server_verifySender.sqf"; // EPOCH ADDITIONS server_addCargo = compile preprocessFileLineNumbers "\z\addons\dayz_server\compile\server_addCargo.sqf";