forbidden addons and god's finger... (redux)

[loki72]

greetings,

this is a pick up from a PM to mando about dedicated servers and addons. sry if wrong forum... is there a server forum?

there is this in the server config: though i can not find any info @ Biki/BiS

Code: [Select]

checkfiles[]={};
anyway.. my question was/is: i have noticed many addons pbo's that crash servers...

say bad.pbo is one of them... is there a way to have the dedicated server scan the 'potential' players addons and if bad.pbo is found then 'potential' player meets the finger of god?... lol mando.. its too funny to not share... or a simple no connect will do...

PM quote:

Code: [Select]

About your question (script solution):
Code:

// init.sqf
if(isClass (configFile >> "CfgPatches" >> "ADDON NAME HERE"))then
{
   hint "FORBIDDEN ADDON BLAH BLAH BLAH DETECTED, GOD's FINGER WILL KILL YOU NOW";
   Sleep 5;
   player setDamage 1;   
};



though i know they would have to be in game for this to happen... ?

i hate having to password my server.. but i hate rebooting a crashed server over and over even more... not to mention being in a game for 3 hours.. just to have some noob crash it and never come back anyway...

help?

[Spooner]

The problem with the method Mandoble suggests is that they are allowed to actually join your server and are just repeatedly killed to encourage them go away. This means that they could still potentially crash your server. A better method is to tell the server to only allow a specific set of approved addons, by taking advantage of the new addons signatures system. You'd need to make sure the server has copies of all the addon signatures that you trust (including pure client-side addons that the server doesn't actually need) and you wouldn't be able to allow any addons that weren't signed. If you don't do this, people will not only bring on crash-prone addons, but they could use addons that allowed them to cheat or cause grief.

Read all about managing Addon Signatures to find out how to enable this feature.

EDIT: Corrected some spurious info.

[loki72]

thx for the reply spooner,

glad i was sitting with a cup of coffee when i read this... it looks as if i'll i have to wipe out the 9 gigs of addons in my and the servers addons folder.... but then i won't have to password it.

thank you.. i'll be back to close this when i get it all sorted.

[Spooner]

I don't think you need to delete all the addons you have, since most serious addon makers will be signing them by now. You aren't making the players have exactly the addons you have on the server, as you'd want in a tournament, but rather letting them have any acceptable ones (e.g. they would be free to use any sound mod, for which you'd put the key on the server, or none at all if they'd prefer).

[loki72]

that would be great news.. but i just hit a problem... editor update 1.02.. is not signed... anyway to leave it on the server?.. as most of the LN missions use it...


edit... no XEH??.. this would be bad... i put the SLX_XEH2.bikey in the keys and still no go...



(redux)

after looking at this for a few hours..
i'm looking for the exact opposite... only disconnect if the file is found... instead of not found.

there is this in the server config:

checkfiles[]={};

but this is the only thing i found out about it:

checkfiles[]={"HWTL\dta\data3d.pbo","dta\data3d.pbo"};     List of files to check for integrity.

i don't think this is it either.....

[Spooner]

Are you absolutely sure that you have the XEH pbos, signatures and key files all coming from exactly the same release?

Not sure how to specifically refuse connection only if they have certain files (But as I said, I don't know much about server config). Since that still leaves you completely at the mercy of hackers or newly released unstable addons it seems less sensible (i.e. less likely to have been implemented). You might find Mandoble's suggestion your best option if you really want to manage things in this way.

[loki72]

thx spooner.. your help is greatly appreciated.


 good call.. i went back and redid it.... the xeh is good to go..
so i redid the xeh init and fired.. the key isn't working on this one... i'm not going to use the verify option.. but i like to make sure i did everything right.. even when not using it.



man.. this is going to show off my noob-ness for sure...

so back to the finger of god script...

the script could be used like so?

Code: [Select]

onplayerconnect execvm "check.pbo";

sleep 10;

look in players addons...

case: found bad.pbo

player set damage 1

case notthere:

player

continue to server....

does it seem i'm going in circles chasing my tail?!

[Spooner]

Not really. onPlayerConnected handler is run on the server, so isn't needed in this situation since you just want to run it once on each player's machine when they connect, not on everyone's machine when anyone connects (You also can't check a player's addons on the server; you'd be checking the server's addons. You can't kill the player on the server either, since the player is local to the specific client machine). All you want to do is run it right away on the client's machine (in init.sqf). Mandoble's code is correct as it is if you fill in the blanks, unless you have respawning on the server. Here is a "complete" version which should suit you:

Code: (init.sqf) [Select]

// Put this somewhere in your mission's init.sqf file.
_badAddons = ["UnstableJunk", "CrashMe"];

// Run checks only on dedicated clients.
if (not isServer) then
{
    {
        if (isClass (configFile >> "CfgPatches" >> _x)) then
        {
            // Keep killing on each respawn..forever.
            while { true } do
            {
                waitUntil { alive player };
                hint format ["FORBIDDEN ADDON %1 DETECTED, GOD's FINGER WILL KILL YOU NOW", _x];
                Sleep 5;
                player setDamage 1;
            };
        };
    } forEach _badAddons;
};

// Code after this will never be run if the player has a "bad" addon.


[loki72]

LOL....

that is so funny! thx to you both...

does this 'have' to be in a mission?

is there anyway to put this in a pbo.. so it runs as the server starts and well before any map starts ?

i would think it would then catch them all.. still only after connecting.. but then i would see who had what and make a mental note.

 

[Spooner]

Well, if it were in a client-side pbo, then the people who were running "disallowed" addons just wouldn't use your disallowAddons addon and they'd have no problems ;P

Even if you made it into a server-side pbo (running the script with XEH and using processInitCommands to run this code on the client machine), you couldn't run it before the mission started, since it would have to be started with XEH, which runs code when certain objects are initialised. And, even more, there is no point telling people that they have a bad addon and killing them before the missions starts, is there?

...but then i would see who had what and make a mental note.

This code doesn't tell "you" anything. All it does is tell the player that he has a banned addon and prevent him playing the game properly. Possibly doesn't even prevent him crashing the server, which is rather the point you are trying to achieve. I still think that anyone with a public server really needs to use signature protection to keep the idiots (of whatever type) out, so I think you are trying to find a very complex answer to a simple question.

Have you considered that that error message only mentions the first few addons that it has disallowed? That is, it might actually be disallowing all of your addons, but it appears that XEH is the only "signed" addon that isn't being allowed. That is, that you haven't installed the keys on the server properly or have the signatures in with the addons properly? No idea though, since I have never actually done this and I have no idea what you've actually done; anyway, that is an issue that I'm sure the XEH guys would know about by now if it was a problem and you might want to talk to them about it.

[loki72]

greetings,

no that code doesn't.. but i could make it a global chat command easy enough.

i see what you mean about it seeming complex... i will ask the guys at xeh and see if they have thought of this before.

i really don't know why it would be so complex for the server to check for addons instead of signatures. (well other than the fact i don't know how...)

whether before connecting or after...

back to update this after i have spoken with them.

thanks again spooner

[kju]

Sorry I didn't read all of it. Some info/ideas:

Go with signatures:

1) You can sign addons yourself. Your player base has to download only the signatures files from you. NOT the addons again. Still no good solution for a complete public random guy server.

2) With signatures you can allow addons. People don't have to have it. So you can sign all your addons, put your key, and in addition all other public keys for the given addons. This way the random guy has a good chance to join with addons, if his loaded addons are a subset of addon that you allowed with the public keys.
In addition he can download your sign files to use all you allowed.
In other words everyone will be kicked who has addons loaded (in addition) that are not allowed on your server.

3) Do NOT use checkFiles array. It is outdated and won't help you. Instead it will cause the server to halt if he has to check large PBOs. Advanced users can check for files inside PBOs like config.cpp. Still you need to manually react to the results. Go for signatures or mission side stuff.



Mission side stuff:

1) Mission wise you can check for specific cfgPatches classes and punish if he has baddies. Or go the other way round and make a white list (quite much work to extract all cfgPatches class and could be circumvented)

2) Do not kill the guy. Instead disableUserInput and blackscreen.

3) Check DooDacs from Doolittle.

[Spooner]

I don't think that disableUserInput is reasonable in this case, since this disables all user input, including the ability to leave the server or exit the game. The only recourse is to kill the ArmA process! Since a player can't reasonably know what addons are allowed before joining a public server, this is extremely punitive and would, I think, get your server a bad name. The only situation I could imagine that might be reasonable would be if you definitely knew the player was cheating/griefing, rather than just someone stumbling into your server in ignorance.

Signing all the addons yourself means that pubbies will never be able to join without somehow getting hold of your signatures. Even if getting the signatures could be made simple, they aren't going to know that they need specifically your signatures to begin with. In some ways, this is no less cumbersome than having the server password locked and would stop most, if not all, pubbie traffic. Signing addons yourself is definitely useful in some cases when not all the addons you are using are signed, but only on restricted servers (e.g. for the IC-ArmA tournament).

The choice you have, IMHO, is to:
1. have a private server (passworded), allow all addons and trust your players not to use dangerous ones.
2. have a private server (passworded), only allow a set of signed addons, however restrictive that may be, then you don't have to trust your players.
3. have a public server, only allow a set of signed addons, however restrictive that may be, then you don't have to trust your players.
4. have a public server, catch bad addons in a script, allowing the players to cheat, grief, workaround your script, use up a server slot to deny you access (griefing), crash the server with bad addons you haven't heard of yet, etc.
5. have a public server, allowing the players to cheat, grief, crash the server with bad addons , etc.

1, 2 and 3 are the only options that seem sensible to me. 1 is only sensible if you really do trust every one of your players.

[loki72]

 ... j/k

thanks to the in depth time and research both of you put in it.

i see that this is a bad situation all the way around.

i will spend a week or so thinking about this.... maybe there is a name at BiS that i can ask if they can incorporate this idea into arma2.

thank you both.

[loki72]

greetings,

back to this...

how does one make an addon SP only?
example: real time editor v4 only works in SP mode.