Add basic security checks to object_killed

PVDZ_veh_Save = [_obj,"killed"]; could be abused in the same way as
server_deleteObj (42e0047)

CHANGE LOG 1.0.6.2.txt

@@ -8,7 +8,7 @@
 [NEW] Added bolt animations to CZ550 and LeeEnfield modeled by @Streatman
 [NEW] Added some basic compatibility for falconsan's Ruegen map (beta version released February 2016)
 [NEW] Admins can now define what parts are returned from modular building parts, see configVariables.sqf/DZE_modularConfig @oiad @BigEgg17
-[NEW] Added basic server-side authentication to hive object creation/deletion for improved security. Affects Server_(DeleteObj|PublishObj|PublishVeh|SwapObj), admins and script makers should review the changes if using PVDZ_obj_(Destroy|Publish), PVDZE_obj_Swap, PVDZE_veh_(Publish|Upgrade) or server_deleteObj and verify custom code is compliant with these changes (github.com/EpochModTeam/DayZ-Epoch/commit/42e0047)
+[NEW] Added basic server-side authentication to hive object creation/deletion for improved security. Affects Server_(DeleteObj|PublishObj|PublishVeh|SwapObj|UpdateObject), admins and script makers should review the changes if using PVDZ_obj_(Destroy|Publish), PVDZ_veh_Save, PVDZE_obj_Swap, PVDZE_veh_(Publish|Upgrade) or server_deleteObj and verify custom code is compliant with these changes (github.com/EpochModTeam/DayZ-Epoch/commit/42e0047)
 [NEW] BAF_L85A2_RIS_TWS_DZ to emulate the old behavior of the now NV only BAF_L85A2_RIS_CWS. Server owners must add the weapon on their own #1983
 [NEW] Admins can now define a maximum build height, see configVariables.sqf/DZE_BuildHeightLimit. @BigEgg17
 

SQF/dayz_code/actions/player_destroyTent.sqf

@@ -68,7 +68,7 @@ player addMagazine _emptycan;
 PVDZ_obj_Destroy = [_objectID,_objectUID,player,_obj,dayz_authKey,false];
 publicVariableServer "PVDZ_obj_Destroy";
 
-PVDZ_veh_Save = [_obj, "killed"];
+PVDZ_veh_Save = [_obj,"killed",false,false,dayz_playerUID,dayz_authKey];
 publicVariableServer "PVDZ_veh_Save";
 
 //Set fire to item

SQF/dayz_code/compile/veh_handleKilled.sqf

@@ -4,9 +4,9 @@ _unit = _this select 0;
 // ask server to set global damage to 1, save to the hive
 if (local _unit) then {
 	if (isServer) then {
-		[_unit, "killed"] call server_updateObject;
+		[_unit,"killed",false,false,"SERVER",dayz_serverKey] call server_updateObject;
 	} else {
-		PVDZ_veh_Save = [_unit, "killed"];
+		PVDZ_veh_Save = [_unit,"killed",false,false,dayz_playerUID,dayz_authKey];
 		publicVariableServer "PVDZ_veh_Save";
 	};
 };

SQF/dayz_server/compile/server_updateObject.sqf

@@ -1,7 +1,7 @@
 // [_object,_type] spawn server_updateObject;
 #include "\z\addons\dayz_server\compile\server_toggle_debug.hpp"
 if (isNil "sm_done") exitWith {};
-private ["_objectID","_objectUID","_object_position","_isNotOk","_object","_type","_recorddmg","_forced","_lastUpdate","_needUpdate","_object_inventory","_object_damage","_objWallDamage","_object_killed","_object_maintenance","_object_variables","_totalDmg"];
+private ["_class","_objectID","_objectUID","_object_position","_isNotOk","_object","_type","_recorddmg","_forced","_lastUpdate","_needUpdate","_object_inventory","_object_damage","_objWallDamage","_object_killed","_object_maintenance","_object_variables","_totalDmg"];
 
 _object = _this select 0;
 _type = _this select 1;
@@ -15,9 +15,9 @@ _objectUID = "0";
 if ((isNil "_object") || {isNull _object}) exitWith {diag_log "server_updateObject.sqf _object null or nil, could not update object"};
 _objectID = _object getVariable ["ObjectID","0"];
 _objectUID = _object getVariable ["ObjectUID","0"];
+_class = typeOf _object;
 
-
+if (typeName _objectID != "STRING" or (typeName _objectUID != "STRING")) then {
-if ((typeName _objectID == "SCALAR") || (typeName _objectUID == "SCALAR")) then { 
 	#ifdef OBJECT_DEBUG
 		diag_log (format["Non-string Object: ID %1 UID %2", _objectID, _objectUID]);
 	#endif
@@ -26,7 +26,7 @@ if ((typeName _objectID == "SCALAR") || (typeName _objectUID == "SCALAR")) then
 	_objectUID = nil;
 };
 
-if (!((typeOf _object) in DZE_safeVehicle) && !locked _object) then {
+if (!(_class in DZE_safeVehicle) && !locked _object) then {
 	//diag_log format["Object: %1, ObjectID: %2, ObjectUID: %3",_object,_objectID,_objectUID];
 	if (!(_objectID in dayz_serverIDMonitor) && isNil {_objectUID}) then { 
 		//force fail
@@ -36,7 +36,7 @@ if (!((typeOf _object) in DZE_safeVehicle) && !locked _object) then {
 	if ((isNil {_objectID}) && (isNil {_objectUID})) then {
 		_object_position = getPosATL _object;
 		#ifdef OBJECT_DEBUG
-			diag_log format["Object %1 with invalid ID at pos %2",typeOf _object,_object_position];
+			diag_log format["Object %1 with invalid ID at pos %2",_class,_object_position];
 		#endif
 		_isNotOk = true;
 	};
@@ -55,7 +55,7 @@ _object_position = {
 	_position = getPosATL _object;
 	//_worldspace = [round (direction _object),_position];
 	_worldspace = [getDir _object, _position] call AN_fnc_formatWorldspace; // Precise Base Building 1.0.5
-	_fuel = if (_object isKindOf "AllVehicles") then {fuel _object} else {0};
+	_fuel = if (_class isKindOf "AllVehicles") then {fuel _object} else {0};
 	
 	_key = format["CHILD:305:%1:%2:%3:",_objectID,_worldspace,_fuel];
 	_key call server_hiveWrite;	
@@ -67,17 +67,17 @@ _object_position = {
 
 _object_inventory = {
 	private ["_inventory","_key","_isNormal","_coins"];
-	if (_object isKindOf "TrapItems") then {
+	if (_class isKindOf "TrapItems") then {
 		_inventory = [["armed",_object getVariable ["armed",false]]];
 	} else {
 		_isNormal = true;
 		
-		if (DZE_permanentPlot && (typeOf (_object) == "Plastic_Pole_EP1_DZ")) then {
+		if (DZE_permanentPlot && (_class == "Plastic_Pole_EP1_DZ")) then {
 			_isNormal = false;
 			_inventory = _object getVariable ["plotfriends", []]; //We're replacing the inventory with UIDs for this item
 		};
 		
-		if (DZE_doorManagement && (typeOf (_object) in DZE_DoorsLocked)) then {
+		if (DZE_doorManagement && (_class in DZE_DoorsLocked)) then {
 			_isNormal = false;
 			_inventory = _object getVariable ["doorfriends", []]; //We're replacing the inventory with UIDs for this item
 		};
@@ -118,7 +118,7 @@ _object_damage = {
 	
 	{
 		_hit = [_object,_x] call object_getHit;
-		_selection = getText (configFile >> "CfgVehicles" >> (typeOf _object) >> "HitPoints" >> _x >> "name");
+		_selection = getText (configFile >> "CfgVehicles" >> _class >> "HitPoints" >> _x >> "name");
 		if (_hit > 0) then {
 			_allFixed = false;
 			_array set [count _array,[_selection,_hit]];
@@ -176,7 +176,32 @@ _objWallDamage = {
 };
 
 _object_killed = {
-	private "_key";
+	private ["_clientKey","_exitReason","_index","_key","_playerUID"];
+	
+	if (count _this != 6) exitWith {
+		diag_log "Server_UpdateObject error: wrong parameter format";
+	};
+	
+	_playerUID = _this select 4;
+	_clientKey = _this select 5;
+	_index = dayz_serverPUIDArray find _playerUID;
+
+	_exitReason = switch true do {
+		//Can't use owner because player may already be dead, can't use distance because player may be far from vehicle wreck
+		case (_clientKey == dayz_serverKey): {""};
+		case (_index < 0): {
+			format["Server_UpdateObject error: PUID NOT FOUND ON SERVER. PV ARRAY: %1",_this]
+		};
+		case ((dayz_serverClientKeys select _index) select 1 != _clientKey): {
+			format["Server_UpdateObject error: CLIENT AUTH KEY INCORRECT OR UNRECOGNIZED. PV ARRAY: %1",_this]
+		};
+		case (alive _object && {!(_class isKindOf "TentStorage_base" or _class isKindOf "IC_Tent")}): {
+			format["Server_UpdateObject error: object kill request on living object. PV ARRAY: %1",_this]
+		};
+		default {""};
+	};
+	
+	if (_exitReason != "") exitWith {diag_log _exitReason};	
 	_object setDamage 1;
 	
 	if (_objectID == "0") then {
@@ -188,11 +213,15 @@ _object_killed = {
 	};
 	_key call server_hiveWrite;
 	
+	if (_playerUID == "SERVER") then {
 		#ifdef OBJECT_DEBUG
-	diag_log format["DELETE: Deleted by KEY: %1",_key];
+		diag_log format["DELETE: Server requested destroy on object %1 ID:%2 UID:%3",_class,_objectID,_objectUID];
 		#endif
+	} else {
+		diag_log format["DELETE: PUID(%1) requested destroy on object %2 ID:%3 UID:%4",_playerUID,_class,_objectID,_objectUID];
+	};
 	
-	if (((typeOf _object) in DayZ_removableObjects) or ((typeOf _object) in DZE_isRemovable)) then {[_objectID,_objectUID] call server_deleteObjDirect;};
+	if (_class in DayZ_removableObjects or (_class in DZE_isRemovable)) then {[_objectID,_objectUID] call server_deleteObjDirect;};
 };
 
 _object_maintenance = {
@@ -262,7 +291,7 @@ switch (_type) do {
 		call _object_damage;
 	};
 	case "killed": {
-		call _object_killed;
+		_this call _object_killed;
 	};
 	case "accessCode"; case "buildLock" : {
 		call _object_variables;

SQF/dayz_server/init/server_functions.sqf

@@ -13,6 +13,11 @@ call compile preprocessFileLineNumbers "\z\addons\dayz_code\loot\compile.sqf";
 
 BIS_Effects_Burn = {};
 dayz_disconnectPlayers = [];
+dayz_serverKey = [];
+for "_i" from 0 to 12 do {
+	dayz_serverKey set [_i, ceil(random 128)];
+};
+dayz_serverKey = toString dayz_serverKey;
 server_playerLogin = compile preprocessFileLineNumbers "\z\addons\dayz_server\compile\server_playerLogin.sqf";
 server_playerSetup = compile preprocessFileLineNumbers "\z\addons\dayz_server\compile\server_playerSetup.sqf";
 server_onPlayerDisconnect = compile preprocessFileLineNumbers "\z\addons\dayz_server\compile\server_onPlayerDisconnect.sqf";
@@ -98,7 +103,7 @@ vehicle_handleServerKilled = {
 	_unit = _this select 0;
 	_killer = _this select 1;
 		
-	[_unit, "killed"] call server_updateObject;	
+	[_unit,"killed",false,false,"SERVER",dayz_serverKey] call server_updateObject;	
 	_unit removeAllMPEventHandlers "MPKilled";
 	_unit removeAllEventHandlers "Killed";
 	_unit removeAllEventHandlers "HandleDamage";