The NetServer stored a complete copy of the game Init Attributes, which
it sent to new clients on updates from the controller. This worked well,
but prevents incremental updates and other unrelated messages from being
sent.
This changes the system so that:
- in PREGAME state, the server does not update its copy of the game init
attributes
- the server forwards game setup messages from the controller to all
clients
- Joining clients get a full copy of the Settings, when joining, from
the controller (this is a js-driven behaviour - other situations might
not need do it).
- Make the StartNetworkGame message take a copy of the final init
attributes, to ensure synchronization (and simplify some logic).
In practice, this:
- makes it possible to send different types of gamesetup messages (this
introduces two: a regular update and the full 'initial-update' for new
clients).
- moves some C++ hardcoding into JS - here in essence the PREGAME server
state is now init-attributes-agnostic.
- does not change much for readiness control - the server already needed
to force a change at game start to set random elements.
Note that the loading page is currently still receiving the 'local' game
attributes, which assumes that all clients are correctly synchronized
(they should be).
Refs #3806, #3049
Differential Revision: https://code.wildfiregames.com/D3714
This was SVN commit r25099.
The initial settings for a game, used to create the map in RM & tosetup
the simulation, are named InitAttributes in the C++, but generally
referred to as GameAttributes in the JS GUI. This renames the latter to
the former to avoid confusion, since these settings are immutable once
the map starts, so InitAttributes is more accurate.
Differential Revision: https://code.wildfiregames.com/D3705
This was SVN commit r25083.
- Replace ScriptInterface::RegisterFunction with
ScriptFunction::Register
- Mostly removing unused cmpPrivate*
- Some usage introduces specific getters (mapgenerator, AIWorker,
XmppClient,...)
- Several passthrough functions are simply removed in favour of calling
the original, reducing duplication
- Make use of ScriptRequest/ScriptInterface capabilities where
relevant.
- Make JSI_* headers only expose necessary functions, lightening them
considerably and reducing duplication
- Reuse namespaces in JSI_* implementations directly, reducing visual
noise there
Follows f3aedf88a6
Differential Revision: https://code.wildfiregames.com/D3626
This was SVN commit r24983.
The 'controller' of an MP game (the host in general, though dedicated
servers would change that) is currently whoever first tells the server
that it is. This can be abused since it relies on trusting the clients.
This changes that logic: the server defines a 'controller secret', and
the first client to sent the correct controller secret is the
controller. This is safe assuming the secret is unknowable enough (the
current solution wouldn't pass strict cryptography tests, but it's
likely good enough).
Reverts 1a3fb29ff3, which introduced the 'trust the clients' mechanic,
as a change over 'the first local IP is controller'.
Necessary step towards dedicated server, if we want to use the regular
gamesetup (Refs #3556)
Differential Revision: https://code.wildfiregames.com/D3075
This was SVN commit r24952.
Follow-up to 1a8de6d2b8. This makes it again possible to host without
STUN via the lobby.
The lobby bot will answer the host "Register" command with the external
IP. This is only sent to the host, avoiding IP leakage.
There is a small window in which a client might try to join and the
public IP isn't up, and the request goes through, but that seems rather
unlikely to be a problem in practice.
Refs #5913
Differential Revision: https://code.wildfiregames.com/D3490
This was SVN commit r24858.
As suggested by elexis, 1a8de6d2b8 should get some protection against
brute force attacks on password.
This is supposed to prevent attackers from getting connection data by
guessing the password.
Each failed attempt increases the counter.
XmppClient on the server side checks for the users with certain number
of failed attempts, determined in CNetServer, and refuses to check the
password, answering with banned message.
So they cant guess again in given match. Effect of this block will
dissapear after new match is created.
Differential revision: D3467
Comments by: wraitii, Stan
Tested by: Stan, Freagarach
Ref: #5913
This was SVN commit r24794.
Follows 1a8de6d2b8.
Validate the password when a client joins a game, so even a player that
knows the connection data cannot join.
Refs #3556, Refs #5913
Differential Revision: https://code.wildfiregames.com/D3438
This was SVN commit r24775.
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
This ugprades 0 A.D. to the latest ESR at the moment of writing.
Mostly straighforward API changes (see meta-Bug 1633145)
- js::Class is merged with JSClass
- JSNewArrayObject becomes JS::NewArrayObject
- ArrayObject-functions are moved to a new public header Array.h
- JSMSG error messages have again been changed, requiring some tweaks.
- AutoValueArray becomes RootedBalueArray (Bug 1634435)
- 'uneval' is behind a Realm flag (Bug 1565170), but no removal is
planned in the short-term future.
- Some minor GC API changes (Bugs 1569564 and 1633405)
- Error reporting has had some tweaks, and error flags have been removed
(Bug 1620583)
- StructuredClone are now always thread-safe, simplifying an API change
introduced in SM52 (Bug 1607791)
Tested by: Stan, Freagarach, mammadori
Closes#5861
Differential Revision: https://code.wildfiregames.com/D3168
This was SVN commit r24333.
No particularly noteworthy changes, as most complex API changes were
already supported in SM45 and done.
The addition of JSStructuredCloneData allows to remove our custom class.
Changes:
- InformalValueTypeName is back in the API, so remove our
implementation.
- Stop using JSRuntime entirely in favour of JSContext*
- JSPropertyDescriptor is renamed.
- CompartmentOptions are tweaked slightly (no functional changes)
- JS::Construct - API update.
- JSClass split - API update.
- A js.msg error message was removed, so we had to use a different one.
- Tests fix: fix comparison of union instances
- Disable warning in spidermonkey Vector.h
- Update error reporting to SM52 (minor API updates)
- Ignore warnings about unused return values (would come from OOM, which
isn't recoverable)
Most of the patching was done by Itms.
Tested by: Stan, Freagarach
Fixes#4893
Differential Revision: https://code.wildfiregames.com/D3095
This was SVN commit r24203.
- Check for pending exceptions after function calls and script
executions.
- Call LOGERROR instead of JS_ReportError when there is a conversion
error in FromJSVal, since that can only be called from C++ (where JS
errors don't really make sense). Instead, C++ callers of FromJSVal
should handle the failure and, themselves, either report an error or
simply do something else.
- Wrap JS_ReportError since that makes updating it later easier.
This isn't a systematical fix since ToJSVal also ought return a boolean
for failures, and we probably should trigger errors instead of warnings
on 'implicit' conversions, rather a preparation diff.
Part of the SM52 migration, stage: SM45 compatible (actually SM52
incompatible, too).
Based on a patch by: Itms
Comments by: Vladislavbelov, Stan`
Refs #742, #4893
Differential Revision: https://code.wildfiregames.com/D3093
This was SVN commit r24187.
ScriptInterface is now a wrapper around a JSCompartment, and thus always
has a well-defined global.
The error reporter is moved to ScriptRuntime in anticipation of that
handling JSContext in a later diff.
Part of the SM52 migration, stage: SM45 compatible.
Patch by: Itms
Tested By: Freagarach
Refs #4893
Differential Revision: https://code.wildfiregames.com/D3090
This was SVN commit r24180.
As part of the SM45->52 migration, a ScriptInterface becomes a wrapper
around a JSCompartment, not a JSContext, thus we ought to store private
data for the compartment and not the context.
This is a mass rename of CxPrivate to CmptPrivate to match that before
the actual changes.
Part of the SM52 migration, stage: SM45 compatible
Patch by: Itms
Tested By: Freagarach
Refs #4893
Differential Revision: https://code.wildfiregames.com/D3089
This was SVN commit r24177.
JSAutoRequest is required before calling into most JSAPI methods, for GC
reasons.
Calling it is required and fragile as one must not forget.
Further, SM52 and later make manipulating JSContext* dangerous as that
can cross Compartment(Realm in SM68) barriers (and ScriptInterface now
matches a Compartment).
The solution to both problems is to avoid using JSContext* in 0 A.D.
itself. To achieve this, a Request class is introduced, and must be used
to access a JSContext* from a scriptInterface. Further, Request is
passed to other ScriptInterface functions isntead of JSContext*, making
it obvious that the caller has already called it, reducing errors and
redundant JSAutoRequest calls.
Only JSNative functions now get a naked JSContext* without protection,
but the likelihood of forgetting a request is lower since many
ScriptInterface functions now expect it.
JSContext* is directly passed to JSAPI functions only.
Part of the SM52 migration, stage: SM45 compatible
Based on a patch by: Itms
Tested By: Freagarach
Refs #4893
Differential Revision: https://code.wildfiregames.com/D3088
This was SVN commit r24176.
1c0536bf08 introduced a disableGraphics bool with a default value and
relied on the default being reasonable except for the few needed cases.
be93b31411 introduced the replayLog argument with a default value and
relied on the default being reasonable except for the few needed cases.
5747619c39 fixed a bug in that commit because the default value hadn't
actually been considered to be correct for all CGame constructor calls
and was wrong for two.
By requiring callers to specify the value, authors are forced to
establish thought which value is the correct one, as opposed to hoping
that a default value will be good by default.
As you can see in the diff, it also makes it easier to compare what
values changed if they are always defined in the caller.
Use CRenderer::IsInitialised() to determine if this is a non-visual
CGame,
for the purpose of removing less transparent proxy functions that are
unneeded as long as there are about 30 other calls testing for
CRenderer::IsInitialised() to determine if the Game should be rendered.
Supersedes:
* CGame constructor argument bool disableGraphics from 1c0536bf08.
* CGame::IsGraphicsDisabled() proxy from a533fff883 to the proxy from
1c0536bf08 and two local nonVisual = args.Has("autostart-nonvisual")
variables in GameSetup.cpp from a533fff883.
Call the Renderer destructor instead of calling delete on the
non-pointer (SAFE_DELETE would not be supported for instance).
Started as a preparation for D2197, but actually independent.
Differential Revision: https://code.wildfiregames.com/D2211
This was SVN commit r22785.
Fixes an occurring leak indicated by the reported clang unused variable
compiler warning, refs #5294, #5550,
by adding the missing glooxwrapper::Jingle::Session::Session destructor
.
Fix two leaks that would have occurred if the according code had been
used:
Delete unused glooxwrapper::Jingle::ICEUDP::ICEUDP instead of adding the
missing destructor.
Delete unused glooxwrapper::Jingle::Content::Content instead of adding
the missing destructor.
Explain why glooxwrapper::Client::registerStanzaExtension doesn't leak
the new StanzaExtensionWrapper.
Explain why glooxwrapper::Jingle::Session::sessionInitiate doesn't leak
the new gloox::Jingle::Content, nor the new gloox::Jingle::ICEUDP.
Explain why glooxwrapper::SessionManager::registerPlugins doesn't leak
the new gloox::Jingle::Content and new gloox::Jingle::ICEUDP.
Explain why glooxwrapper::SessionManager::createSession doesn't leak the
gloox::Jingle::Session.
I will not leak memory in the glooxwrapper.
I will not leak memory in the glooxwrapper.
I will not leak memory in the glooxwrapper.
Use references in the StunClient and glooxwrapper to anticipate any
confusion as to whose obligation it is to delete variables when they are
passed around across several files.
Use static_cast and reinterpret_cast instead of C-style casts in the
StunClient.
Differential Revision: https://code.wildfiregames.com/D2094
Refs D2093 for the reported leaks.
Reviewed By: Josh
Comments By: fcxSanya, Vladislav for D2094, and echotangoecho, leper in
61261d14fc
This was SVN commit r22678.
This is due to too many oversteppings of the lobby Terms of Use
following JS mods that implemented an UI for players to join lobby games
with arbitrary nicknames or 'replace' / impersonate other players in
lobby games.
Agreed with: user1, Dunedan
Code proofread by: Vladislav
Minor discussions with: Imarok, Hannibal_Barca, smiley, fpre, bb, nani
refs
https://wildfiregames.com/forum/index.php?/topic/24722-improving-mod-security/
This was SVN commit r21877.
JSInterface_L10n.cpp from d6db5a466d,
JSInterface_Renderer.cpp and JSInterface_GUITypes.cpp from 4b1297b328,
JSInterface_VisualReplay.cpp from b830233498,
JSInterface_Game.cpp from 5f8be8e0c6,
JSInterface_Simulation.cpp from 921c5515a6,
JSInterface_Debug.cpp from d6cb9c845b,
JSInterface_Main.cpp from 486aec18d4, refs #4772,
JSInterface_Mod.cpp where it was incorrectly removed in af03c72f76.
Refs D1470.
Sort includes alphabetically, add recent Coding Convention macro
comments.
This was SVN commit r21789.
Just test if a NetClient is present rather than passing a state boolean
from GUI page to GUI page (since 1c0536bf08 or sooner).
This was SVN commit r21650.
