W0LF/DayZ-Epoch
1
0
Fork 0
mirror of https://github.com/EpochModTeam/DayZ-Epoch.git synced 2025-12-17 17:20:26 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add sender verification to publish and swap object

Browse Source 
Continuation of 8035df0

This is important to have on publish to identify cheaters who spam
create objects in the database or create objects with bad inventory.

- Renamed variables to backport to vanilla
- Removed % and & due to code filtering in publicvariableval.txt

Changes in modular_build.sqf were the same as player_build.sqf.

Tested with building, upgrading buildable/vehicle/tent, downgrading,
buying a vehicle, destroying tent and removing an object.
This commit is contained in:
ebayShopper
2017-11-03 16:09:14 -04:00
parent 6e48434001
commit 42e00475d6
41 changed files with 154 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
SQF/dayz_server/compile/server_deleteObj.sqf
View File

@@ -1,8 +1,8 @@
/*
[_objectID,_objectUID,_activatingPlayer,_object,DZE_AuthKey] call server_deleteObj;
[_objectID,_objectUID,_activatingPlayer,_object,dayz_authKey] call server_deleteObj;
For PV calls from the client use this function, otherwise if calling directly from the server use server_deleteObjDirect
*/
private["_id","_uid","_key","_activatingPlayer","_object","_clientKey","_PlayerUID","_PUIDIndex","_processDelete"];
private["_id","_uid","_key","_activatingPlayer","_object","_clientKey","_exitReason","_PlayerUID","_processDelete"];
if (count _this < 5) exitWith {diag_log "Server_DeleteObj error: Improper parameter format";};
_id = _this select 0;
@@ -12,11 +12,9 @@ _object = _this select 3;
_clientKey = _this select 4;
_processDelete = if (count _this > 5) then {_this select 5} else {true};
_PlayerUID = getPlayerUID _activatingPlayer;
_PUIDIndex = DZE_ServerPUIDArray find _PlayerUID;
if (_object distance _activatingPlayer > (Z_VehicleDistance + 10)) exitWith {diag_log format["Server_DeleteObj error: Delete verification failed, referenced player is too far away from object. PV ARRAY: %1", _this];};
if (_PUIDIndex < 0) exitWith {diag_log format["Server_DeleteObj error: PUID NOT FOUND ON SERVER. PV ARRAY: %1", _this];};
if ((((DZE_ServerClientKeys select _PUIDIndex) select 0) != (owner _activatingPlayer)) || (((DZE_ServerClientKeys select _PUIDIndex) select 1) != _clientKey)) exitWith {diag_log format["Server_DeleteObj error: CLIENT AUTH KEY INCORRECT OR UNRECOGNIZED. PV ARRAY: %1", _this];};
_exitReason = [_this,"DeleteObj",_object,_clientKey,_PlayerUID,_activatingPlayer] call server_verifySender;
if (_exitReason != "") exitWith {diag_log _exitReason};
if (isServer) then {
if (_processDelete) then {deleteVehicle _object};
@@ -25,11 +23,11 @@ if (isServer) then {
//Send request
_key = format["CHILD:304:%1:",_id];
_key call server_hiveWrite;
diag_log format["DELETE: Player %1 with Player UID %2 deleted object with ID: %3",_activatingPlayer, _PlayerUID, _id];
diag_log format["DELETE: Player %1(%2) deleted object with ID: %3",_activatingPlayer, _PlayerUID, _id];
} else {
//Send request
_key = format["CHILD:310:%1:",_uid];
_key call server_hiveWrite;
diag_log format["DELETE: Player %1 with Player UID %2 deleted object with UID: %3",_activatingPlayer, _PlayerUID, _uid];
diag_log format["DELETE: Player %1(%2) deleted object with UID: %3",_activatingPlayer, _PlayerUID, _uid];
};
};

5
SQF/dayz_server/compile/server_deleteObjDirect.sqf
View File

@@ -1,11 +1,10 @@
/*
[_objectID,_objectUID,_activatingPlayer] call server_deleteObjDirect;
[_objectID,_objectUID] call server_deleteObjDirect;
*/
private["_id","_uid","_key","_activatingPlayer"];
private["_id","_uid","_key"];
_id = _this select 0;
_uid = _this select 1;
_activatingPlayer = _this select 2;
if (isServer) then {
//remove from database

5
SQF/dayz_server/compile/server_handleSafeGear.sqf
View File

@@ -98,7 +98,8 @@ switch (_status) do {
_holder setVariable ["BackpackCargo",_backpacks,false];
};
case 2: { //Packing
_packedClass = getText (configFile >> "CfgVehicles" >> _type >> "packedClass");
_packedClass = getText (configFile >> "CfgVehicles" >> _type >> "packedClass");
if (_packedClass == "") exitWith {diag_log format["Server_HandleSafeGear Error: invalid object type: %1",_type];};
_weapons = getWeaponCargo _obj;
_magazines = getMagazineCargo _obj;
_backpacks = getBackpackCargo _obj;
@@ -112,7 +113,7 @@ switch (_status) do {
[_weapons,_magazines,_backpacks,_holder] call server_addCargo;
// Delete safe from database
[_objectID,_objectUID,_player] call server_deleteObjDirect;
[_objectID,_objectUID] call server_deleteObjDirect;
};
};

10
SQF/dayz_server/compile/server_playerSetup.sqf
View File

@@ -225,17 +225,17 @@ _playerObj setVariable ["lastPos",getPosATL _playerObj];
_clientID = owner _playerObj;
_randomKey = [];
_randomInput = toArray "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*";
_randomInput = toArray "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$^*";
for "_i" from 0 to 12 do {
_randomKey set [count _randomKey, (_randomInput call BIS_fnc_selectRandom)];
};
_randomKey = toString _randomKey;
_findIndex = DZE_ServerPUIDArray find _playerID;
_findIndex = dayz_serverPUIDArray find _playerID;
if (_findIndex > -1) then {
DZE_ServerClientKeys set [_findIndex, [_clientID,_randomKey]];
dayz_serverClientKeys set [_findIndex, [_clientID,_randomKey]];
} else {
DZE_ServerPUIDArray set [(count DZE_ServerPUIDArray), _playerID];
DZE_ServerClientKeys set [(count DZE_ServerClientKeys), [_clientID,_randomKey]];
dayz_serverPUIDArray set [(count dayz_serverPUIDArray), _playerID];
dayz_serverClientKeys set [(count dayz_serverClientKeys), [_clientID,_randomKey]];
};
PVCDZ_plr_Login2 = [_worldspace,_state,_randomKey];

13
SQF/dayz_server/compile/server_publishObject.sqf
View File

@@ -1,13 +1,20 @@
#include "\z\addons\dayz_server\compile\server_toggle_debug.hpp"
private ["_type","_objectUID","_characterID","_object","_worldspace","_key","_ownerArray","_inventory"];
private ["_type","_objectUID","_characterID","_object","_worldspace","_key","_ownerArray","_inventory","_clientKey","_exitReason","_player","_playerUID"];
if (count _this < 6) exitWith {diag_log "Server_PublishObj error: Wrong parameter format";};
_characterID = _this select 0;
_object = _this select 1;
_worldspace = _this select 2;
_inventory = _this select 3;
if (typeName _inventory != "ARRAY") then {_inventory = [];}; //Temp fix for error in player_build.sqf in 1.0.6 release
_player = _this select 4;
_clientKey = _this select 5;
_type = typeOf _object;
_playerUID = getPlayerUID _player;
_exitReason = [_this,"PublishObj",(_worldspace select 1),_clientKey,_playerUID,_player] call server_verifySender;
if (_exitReason != "") exitWith {diag_log _exitReason};
if ([_object, "Server"] call check_publishobject) then {
//diag_log ("PUBLISH: Attempt " + str(_object));
@@ -35,7 +42,7 @@ if ([_object, "Server"] call check_publishobject) then {
dayz_serverObjectMonitor set [count dayz_serverObjectMonitor,_object];
#ifdef OBJECT_DEBUG
diag_log ["PUBLISH: Created ",_type,"ObjectUID", _objectUID,"characterID", _characterID, " with variables/inventory:", _inventory ];
diag_log format["PUBLISH: Player %1(%2) created %3 with UID:%4 CID:%5 @%6 inventory:%7",_player,_playerUID,_type,_objectUID,_characterID,((_worldspace select 1) call fa_coor2str),_inventory];
#endif
}
else {

12
SQF/dayz_server/compile/server_publishVehicle2.sqf
View File

@@ -1,12 +1,18 @@
private ["_activatingPlayer","_isOK","_worldspace","_location","_dir","_class","_uid","_key","_keySelected","_characterID","_donotusekey","_object","_result","_outcome","_oid","_object_para"];
//PVDZE_veh_Publish2 = [[_dir,_location],_part_out,false,_keySelected,_activatingPlayer];
private ["_activatingPlayer","_isOK","_worldspace","_location","_dir","_class","_uid","_key","_keySelected","_characterID","_donotusekey","_object","_result","_outcome","_oid","_object_para","_clientKey","_exitReason","_playerUID"];
#include "\z\addons\dayz_server\compile\server_toggle_debug.hpp"
if (count _this < 6) exitWith {diag_log "Server_PublishVehicle2 error: Wrong parameter format";};
_worldspace = _this select 0;
_class = _this select 1;
_donotusekey = _this select 2;
_keySelected = _this select 3;
_activatingPlayer = _this select 4;
_clientKey = _this select 5;
_playerUID = getPlayerUID _activatingPlayer;
_exitReason = [_this,"PublishVehicle2",(_worldspace select 1),_clientKey,_playerUID,_activatingPlayer] call server_verifySender;
if (_exitReason != "") exitWith {diag_log _exitReason};
if(_donotusekey) then {
_isOK = true;
@@ -89,5 +95,5 @@ if (_outcome != "PASS") then {
PVDZE_veh_Init = _object;
publicVariable "PVDZE_veh_Init";
diag_log format["PUBLISH: %1(%2) bought %3 with ObjectUID %4",if (alive _activatingPlayer) then {name _activatingPlayer} else {"DeadPlayer"},getPlayerUID _activatingPlayer,_class,_uid];
diag_log format["PUBLISH: %1(%2) bought %3 with UID %4 @%5",_activatingPlayer,_playerUID,_class,_uid,(_location call fa_coor2str)];
};

16
SQF/dayz_server/compile/server_publishVehicle3.sqf
View File

@@ -1,17 +1,23 @@
private ["_activatingPlayer","_object","_worldspace","_location","_dir","_class","_uid","_key","_keySelected","_characterID","_donotusekey","_result","_outcome","_oid","_countr","_objectID","_objectUID","_newobject","_weapons","_magazines","_backpacks","_objWpnTypes","_objWpnQty"];
//PVDZE_veh_Upgrade = [_veh,[_dir,_location],_part_out,false,_keySelected,_activatingPlayer];
private ["_activatingPlayer","_object","_worldspace","_location","_dir","_class","_uid","_key","_keySelected","_characterID","_donotusekey","_result","_outcome","_oid","_countr","_objectID","_objectUID","_newobject","_weapons","_magazines","_backpacks","_objWpnTypes","_objWpnQty","_clientKey","_playerUID"];
#include "\z\addons\dayz_server\compile\server_toggle_debug.hpp"
if (count _this < 7) exitWith {diag_log "Server_PublishVehicle3 error: Wrong parameter format";};
_object = _this select 0;
_worldspace = _this select 1;
_class = _this select 2;
_donotusekey = _this select 3;
_keySelected = _this select 4;
_activatingPlayer = _this select 5;
_clientKey = _this select 6;
_playerUID = getPlayerUID _activatingPlayer;
_characterID = _keySelected;
_exitReason = [_this,"PublishVehicle3",(_worldspace select 1),_clientKey,_playerUID,_activatingPlayer] call server_verifySender;
if (_exitReason != "") exitWith {diag_log _exitReason};
if (!(isClass(configFile >> "CfgVehicles" >> _class)) || isNull _object) exitWith {
diag_log ("HIVE-pv3: Vehicle does not exist: "+ str(_class));
diag_log ("HIVE-PublishVehicle3 Error: Vehicle does not exist: "+ str(_class));
dze_waiting = "fail";
(owner _activatingPlayer) publicVariableClient "dze_waiting";
};
@@ -70,7 +76,7 @@ if (_outcome != "PASS") then {
_newobject = _class createVehicle [0,0,0];
// remove old vehicle from DB
[_objectID,_objectUID,_activatingPlayer] call server_deleteObjDirect;
[_objectID,_objectUID] call server_deleteObjDirect;
// switch var to new vehicle at this point.
_object = _newobject;
@@ -119,5 +125,5 @@ if (_outcome != "PASS") then {
dze_waiting = "success";
(owner _activatingPlayer) publicVariableClient "dze_waiting";
diag_log ("PUBLISH: " + str(_activatingPlayer) + " Upgraded " + (_class) + " with ID " + str(_uid));
diag_log format["PUBLISH: %1(%2) upgraded %3 with UID %4 @%5",_activatingPlayer,_playerUID,_class,_uid,(_location call fa_coor2str)];
};

18
SQF/dayz_server/compile/server_swapObject.sqf
View File

@@ -1,16 +1,22 @@
private ["_class","_uid","_charID","_object","_worldspace","_key","_allowed","_obj","_inv","_objectID","_objectUID","_proceed","_activatingplayer"];
//[dayz_characterID,_tent,[_dir,_location],"TentStorage"]
private ["_class","_uid","_charID","_object","_worldspace","_key","_allowed","_obj","_inv","_objectID","_objectUID","_proceed","_activatingplayer","_clientKey","_exitReason","_playerUID"];
if (count _this < 8) exitWith {diag_log "Server_SwapObject error: Wrong parameter format";};
_charID = _this select 0;
_object = _this select 1;
_worldspace = _this select 2;
_class = _this select 3;
_obj = _this select 4;
_activatingplayer = _this select 5;
_inv = if (count _this > 6) then {_this select 6} else {[]};
_inv = _this select 6;
_clientKey = _this select 7;
_proceed = false;
_objectID = "0";
_objectUID = "0";
_playerUID = getPlayerUID _activatingPlayer;
_exitReason = [_this,"SwapObject",(_worldspace select 1),_clientKey,_playerUID,_activatingPlayer] call server_verifySender;
if (_exitReason != "") exitWith {diag_log _exitReason};
if(!isNull(_obj)) then {
// Find objectID
@@ -33,7 +39,7 @@ if(isNull(_object)) then {
if(_objectID == "0" && _objectUID == "0") then {
_proceed = false;
} else {
[_objectID,_objectUID,_activatingplayer,_obj] call server_deleteObjDirect;
[_objectID,_objectUID] call server_deleteObjDirect;
};
_allowed = [_object, "Server"] call check_publishobject;
@@ -75,4 +81,4 @@ _object enableSimulation false;
dayz_serverObjectMonitor set [count dayz_serverObjectMonitor,_object];
diag_log ("PUBLISH: " + str(_activatingPlayer) + " upgraded " + (_class) + " with ID " + str(_uid));
diag_log format["PUBLISH: Player %1(%2) upgraded or downgraded object to %3 with UID:%4 @%5",_activatingPlayer,_playerUID,_class,_uid,((_worldspace select 1) call fa_coor2str)];

2
SQF/dayz_server/compile/server_toggle_debug.hpp
View File

@@ -9,7 +9,7 @@ Please request permission to use/alter/distribute from project leader (R4Z0R49)
#define LOGIN_DEBUG
// comment this out if you don't want any VEHICLE/TENT/OBJECT related debug
#define OBJECT_DEBUG
//#define OBJECT_DEBUG
// comment this out if you don't want any PLAYER (WORLDSPACE/INVENTORY/ETC) related debug
#define PLAYER_DEBUG

2
SQF/dayz_server/compile/server_updateObject.sqf
View File

@@ -192,7 +192,7 @@ _object_killed = {
diag_log format["DELETE: Deleted by KEY: %1",_key];
#endif
if (((typeOf _object) in DayZ_removableObjects) or ((typeOf _object) in DZE_isRemovable)) then {[_objectID,_objectUID,"__SERVER__"] call server_deleteObjDirect;};
if (((typeOf _object) in DayZ_removableObjects) or ((typeOf _object) in DZE_isRemovable)) then {[_objectID,_objectUID] call server_deleteObjDirect;};
};
_object_maintenance = {

33
SQF/dayz_server/compile/server_verifySender.sqf Normal file
View File

@@ -0,0 +1,33 @@
/*
PVEH does not provide any information about the sender in A2, so
this is necessary to verify the sender was not spoofed.
*/
private ["_clientKey","_exitReason","_function","_index","_object","_params","_player","_playerUID"];
_params = _this select 0;
_function = "Server_" + (_this select 1);
_object = _this select 2;
_clientKey = _this select 3;
_playerUID = _this select 4;
_player = _this select 5;
_index = dayz_serverPUIDArray find _playerUID;
_exitReason = switch true do {
//If object or player is null distance returns 9999+
//If object or player was moved with setPos on client, position takes a second to update on server
//Coordinates can be used in place of object
case (_object distance _player > (Z_VehicleDistance + 10)): {
format["%1 error: Verification failed, player is too far from object. PV ARRAY: %2",_function,_params]
};
case (_index < 0): {
format["%1 error: PUID NOT FOUND ON SERVER. PV ARRAY: %2",_function,_params]
};
case (((dayz_serverClientKeys select _index) select 0 != owner _player) or ((dayz_serverClientKeys select _index) select 1 != _clientKey)): {
format["%1 error: CLIENT AUTH KEY INCORRECT OR UNRECOGNIZED. PV ARRAY: %2",_function,_params]
};
default {""};
};
_exitReason