Up to now Pyrogenesis didn't check if lobby related XMPP stanzas were
sent by the lobby bots. This meant that every user could send forged
data, like the list of games, to be displayed by another user. This
change fixes that by checking such stanzas come from the expected lobby
bots.
Patch by: @Dunedan
Accepted by: @Stan
Differential Revision: https://code.wildfiregames.com/D5216
This was SVN commit r28197.
Previously private messages and announcements got handled the same way.
This adds a distinct handling for server announcements, which allows
formatting them in a different way. They are now not prefixed with
"Private" anymore and show the announcement subject as well, if one was
set.
Patch by: @Dunedan
Accepted by: @Stan
Differential Revision: https://code.wildfiregames.com/D5268
This was SVN commit r28186.
Avoid cases of filenames
Update years in terms and other legal(ish) documents
Don't update years in license headers, since change is not meaningful
Will add linter rule in seperate commit
Happy recompiling everyone!
Original Patch By: Nescio
Comment By: Gallaecio
Differential Revision: D2620
This was SVN commit r27786.
The purpose of our client-side hashing for lobby game passwords is to
prevent malicious hosts from getting valuable passwords from clients
(e.g. accidentally typing their lobby password instead of the game, or
even their email password, etc).
However, the hashing was deterministic (and rather simple), making it
possible to compute rainbow tables and recover user passwords anyways.
By adding more variation, including some that cannot so easily be
controlled by the host (the client name), this becomes impractical. The
password hashing function used is rather fast, but given the base low
probability of mistypes, this seems fine.
Differential Revision: https://code.wildfiregames.com/D3459
This was SVN commit r25459.
Instead of using platform-specific sockets, use enet_socket* functions
(which ends up doing the same).
Clean up some confusing APIs, removing the distinction between finding
the public IP for the host/join.
Fix endianness support & use simpler code.
Refs D364 / 61261d14fc (and some subsequent fixing diffs).
Differential Revision: https://code.wildfiregames.com/D3970
This was SVN commit r25453.
This allows joining a lobby game hosted on the same network (behind the
same NAT gateway).
This is relatively primitive to keep things simple: if the server and
the client have the same public IP, it is assumed that they are on the
same network and the client instead requests the local IP.
Differential Revision: https://code.wildfiregames.com/D3944
This was SVN commit r25448.
Follows 34b1920e7b.
This splits off the object-related functions, such as
[Set/Get/Has]Property, CreateObject, CreateArray, FreezeObject.
It also puts the definitions in the header itself, which might end up
with faster code here & there, though perhaps slower compilation time
(somewhat doubtful since we already included most things anyways).
Differential Revision: https://code.wildfiregames.com/D3956
This was SVN commit r25430.
All ToJSVal/FromJSVal definitions are put in a separate header.
Remove AssignOr[To/From]JSVal duplication.
The functions were already static so this is rather straightforward.
Follows 34b1920e7b and 2bae30c454
Differential Revision: https://code.wildfiregames.com/D3953
This was SVN commit r25428.
Follows 34b1920e7b.
This separates StructuredClone & DeepCopy logic into its own header,
reducing the size of the monolithic ScriptInterface header.
Differential Revision: https://code.wildfiregames.com/D3922
This was SVN commit r25419.
XMPP JID has a concept of 'resources', which can be used to
differentiate multiple clients of the same account.
We currently hardcode this 'resource' to '0ad' in two places:
- The 0 A.D. client always uses '0ad'
- The network code expects a host resource to be '0ad' when connecting.
As noted in 0fd8aa2a77#31215, it is less effort to store the JI
D directly. This patch does that. It also makes 0 A.D. use a different
resource each time.
Note that resources ought not contain particular information, as the
XMPP server is free to
clobber it. I keep '0ad-' here for debug purposes.
This allows:
- multiple 0 A.D. instances to log on the lobby at the same time (not
massively useful, but good for debugging sometimes)
- hosting a game with a custom resource, which will potentially make it
easier to have dedi
cated servers on one account.
Note that hosting multiple games on one account is currently not
supported and will have weird behaviour on the lobbybots side. They
should be upgraded independently of this.
Refs #3556
Differential Revision: https://code.wildfiregames.com/D3500
This was SVN commit r25407.
- 25332f9b86 added 'override' to a method in ShaderProgram.cpp. This
adds it to the rest.
- BinarySerializer.cpp had custom JS includes, because putting those in
ScriptExtraHeaders failed. The cause is that gloox leaves "#define
lookup" up. This has been reported upstream, and fixed here.
- VS17 complains about an uninitialised variable, though the usage is
safe.
Differential Revision: https://code.wildfiregames.com/D3916
This was SVN commit r25359.
- Replace ScriptInterface::RegisterFunction with
ScriptFunction::Register
- Mostly removing unused cmpPrivate*
- Some usage introduces specific getters (mapgenerator, AIWorker,
XmppClient,...)
- Several passthrough functions are simply removed in favour of calling
the original, reducing duplication
- Make use of ScriptRequest/ScriptInterface capabilities where
relevant.
- Make JSI_* headers only expose necessary functions, lightening them
considerably and reducing duplication
- Reuse namespaces in JSI_* implementations directly, reducing visual
noise there
Follows f3aedf88a6
Differential Revision: https://code.wildfiregames.com/D3626
This was SVN commit r24983.
Follow-up to 1a8de6d2b8. This makes it again possible to host without
STUN via the lobby.
The lobby bot will answer the host "Register" command with the external
IP. This is only sent to the host, avoiding IP leakage.
There is a small window in which a client might try to join and the
public IP isn't up, and the request goes through, but that seems rather
unlikely to be a problem in practice.
Refs #5913
Differential Revision: https://code.wildfiregames.com/D3490
This was SVN commit r24858.
As suggested by elexis, 1a8de6d2b8 should get some protection against
brute force attacks on password.
This is supposed to prevent attackers from getting connection data by
guessing the password.
Each failed attempt increases the counter.
XmppClient on the server side checks for the users with certain number
of failed attempts, determined in CNetServer, and refuses to check the
password, answering with banned message.
So they cant guess again in given match. Effect of this block will
dissapear after new match is created.
Differential revision: D3467
Comments by: wraitii, Stan
Tested by: Stan, Freagarach
Ref: #5913
This was SVN commit r24794.
Current issue with the lobby, is that we make ips of hosts public for
anyone to read. This patch consists of 3 parts.
1.) Removing ips and ports from lobby javascript
2.) Removing need of script on the server to attach public ips to game
stanza by asking the host using xmppclient as proxy.
3.) Implementing password protected matches, to deny this information to
not trusted players.
Further description:
Do not send ports and stunip to the bots.
Removed from stanza.
Do not send ip to the lobby.
Removed from mapping gamelist from backend to gui (still on the backend
side, because it is done by script on 0ad server).
Get ip and ports on request when trying to connect.
On the host side, ask stun server what is host's public ip and remember
it.
On the client side, send iq through xmppclient to the hosting player and
ask for ip, port and if Stun is used, then if answer is success,
continue
with connecting, else fail.
Add optional password for matches.
Add password required identifier to the stanza.
Allow host to setup password for the match. Hash it on the host side and
store inside Netserver. If no password is given, matches will behave
as it is not required.
On the client side, if password for the match is required, show
additional window before trying to connect and ask for password, then
hash it
and send with iq request for ip, port and stun.
Server will answer with ip, port and stun only if passwords matches,
else will asnwer with error string.
Some security:
Passwords are hashed before sending, so it is not easy to guess what
users typed. (per wraitii)
Hashes are using different salt as lobby hashing and not using usernames
as salt (as that is not doable), so they are different even typing the
same password as for the lobby account.
Client remembers which user was asked for connection data and iq's id of
request. If answer doesn't match these things, it is ignored. (thnx
user1)
Every request for connection data is logged with hostname of the
requester to the mainlog file (no ips).
If user gets iq to send connection data and is not hosting the match,
will respond with error string "not_server".
If server gets iq::result with connection data, request is ignored.
Differential revision: D3184
Reviewed by: @wraitii
Comments by: @Stan, @bb, @Imarok, @vladislavbelov
Tested in lobby
This was SVN commit r24728.
GUIObjectBase is made a IGUIObject* to avoid including those headers
un-necessarily. Subsequent diffs ought to clean up the various of
pointers for that with a similar type with reference semantics.
Also:
- Add standard C and C++ headers (mostly cstring for memcpy, string and
vector) where needed.
- Swap out some includes for forward declarations
- Clean up un-necessary boost includes in precompiled and other headers.
- Clean up precompiled headers, including fewer things.
- Move ACPI to the windows-specific folder as it's included there only
and mostly specific to that platform.
Thanks Stan for the testing.
Differential Revision: https://code.wildfiregames.com/D3129
This was SVN commit r24352.
This ugprades 0 A.D. to the latest ESR at the moment of writing.
Mostly straighforward API changes (see meta-Bug 1633145)
- js::Class is merged with JSClass
- JSNewArrayObject becomes JS::NewArrayObject
- ArrayObject-functions are moved to a new public header Array.h
- JSMSG error messages have again been changed, requiring some tweaks.
- AutoValueArray becomes RootedBalueArray (Bug 1634435)
- 'uneval' is behind a Realm flag (Bug 1565170), but no removal is
planned in the short-term future.
- Some minor GC API changes (Bugs 1569564 and 1633405)
- Error reporting has had some tweaks, and error flags have been removed
(Bug 1620583)
- StructuredClone are now always thread-safe, simplifying an API change
introduced in SM52 (Bug 1607791)
Tested by: Stan, Freagarach, mammadori
Closes#5861
Differential Revision: https://code.wildfiregames.com/D3168
This was SVN commit r24333.
No noteworthy API changes.
Details:
- Remove UTF16 script execution since UTF8 is supported in SM68 and
going forward
- Several new headers includes are required
- Realms replace Compartments as "global holders" (see meta-Bug 1357862)
- JSRequests are removed entirely (Bug 722345), see also aae417bd29
- Trivial API updates in ProxyHandlers, ArrayBuffer, Warnings, GC
reasons, Context options, ObjectIsFunction, ValueVectors and
JSCompartment
See also the migration guide:
https://github.com/mozilla-spidermonkey/spidermonkey-embedding-examples/blob/esr78/docs/Migration%20Guide.md
Tested by: Freagarach, Stan, Subitaneo
Fixes#5860
Differential Revision: https://code.wildfiregames.com/D3144
This was SVN commit r24297.
No particularly noteworthy changes, as most complex API changes were
already supported in SM45 and done.
The addition of JSStructuredCloneData allows to remove our custom class.
Changes:
- InformalValueTypeName is back in the API, so remove our
implementation.
- Stop using JSRuntime entirely in favour of JSContext*
- JSPropertyDescriptor is renamed.
- CompartmentOptions are tweaked slightly (no functional changes)
- JS::Construct - API update.
- JSClass split - API update.
- A js.msg error message was removed, so we had to use a different one.
- Tests fix: fix comparison of union instances
- Disable warning in spidermonkey Vector.h
- Update error reporting to SM52 (minor API updates)
- Ignore warnings about unused return values (would come from OOM, which
isn't recoverable)
Most of the patching was done by Itms.
Tested by: Stan, Freagarach
Fixes#4893
Differential Revision: https://code.wildfiregames.com/D3095
This was SVN commit r24203.
- Check for pending exceptions after function calls and script
executions.
- Call LOGERROR instead of JS_ReportError when there is a conversion
error in FromJSVal, since that can only be called from C++ (where JS
errors don't really make sense). Instead, C++ callers of FromJSVal
should handle the failure and, themselves, either report an error or
simply do something else.
- Wrap JS_ReportError since that makes updating it later easier.
This isn't a systematical fix since ToJSVal also ought return a boolean
for failures, and we probably should trigger errors instead of warnings
on 'implicit' conversions, rather a preparation diff.
Part of the SM52 migration, stage: SM45 compatible (actually SM52
incompatible, too).
Based on a patch by: Itms
Comments by: Vladislavbelov, Stan`
Refs #742, #4893
Differential Revision: https://code.wildfiregames.com/D3093
This was SVN commit r24187.
ScriptInterface is now a wrapper around a JSCompartment, and thus always
has a well-defined global.
The error reporter is moved to ScriptRuntime in anticipation of that
handling JSContext in a later diff.
Part of the SM52 migration, stage: SM45 compatible.
Patch by: Itms
Tested By: Freagarach
Refs #4893
Differential Revision: https://code.wildfiregames.com/D3090
This was SVN commit r24180.
JSAutoRequest is required before calling into most JSAPI methods, for GC
reasons.
Calling it is required and fragile as one must not forget.
Further, SM52 and later make manipulating JSContext* dangerous as that
can cross Compartment(Realm in SM68) barriers (and ScriptInterface now
matches a Compartment).
The solution to both problems is to avoid using JSContext* in 0 A.D.
itself. To achieve this, a Request class is introduced, and must be used
to access a JSContext* from a scriptInterface. Further, Request is
passed to other ScriptInterface functions isntead of JSContext*, making
it obvious that the caller has already called it, reducing errors and
redundant JSAutoRequest calls.
Only JSNative functions now get a naked JSContext* without protection,
but the likelihood of forgetting a request is lower since many
ScriptInterface functions now expect it.
JSContext* is directly passed to JSAPI functions only.
Part of the SM52 migration, stage: SM45 compatible
Based on a patch by: Itms
Tested By: Freagarach
Refs #4893
Differential Revision: https://code.wildfiregames.com/D3088
This was SVN commit r24176.
Added in 9023f4bebb, which changed lobby GUI messages to JS::Values,
requiring a real context. The original code mistakenly inverted the
owning script interfaces.
Given the reproducibility discovered in SM52, the timeline of the bug,
and the nature of the issues encountered in MP, this is a rather safe
fix for #5655.
Reviewed By: Itms
Fixes#5655
Differential Revision: https://code.wildfiregames.com/D2922
This was SVN commit r24116.
This lets it support the JSClass syntax, introduced for components in
5fb88172a2/D2492, which required a workaround before.
As cleanup, remove the prefix logic which was too specific to be in
ScriptInterface, and use an upstream-compatible API that also does more
of what we want.
Based on a patch by: elexis
Differential Revision: https://code.wildfiregames.com/D2644
This was SVN commit r23771.
Game selection details features:
* Display victory conditions following their sending but missing display
following bffe917914, refs 7b0f6f530c.
* Display the host of the match and the game name in the selected game
details following 61261d14fc, refs D1666.
* Display mods if the mods differ (without having to attempt to join the
game prior) following eca956a513.
Performance features:
* Implement batch message processing in the XmppClient to rebuild GUI
objects only once when receiving backlog or returning from a match.
* Implement Game class to cache gamelist, filter and sorting values, as
they rarely change but are accessed often.
* Cache sprintf objects.
Security fixes:
* Add escapeText in lobby/ to avoid players breaking the lobby for every
participant, supersedes D720, comments by bb.
* Do not hide broadcasted unrecognized chat commands that mods used as
leaking private channels, fixes#5615.
Defect fixes:
* Fix XmppClient.cpp storing unused historic message types resulting in
memory waste and unintentional replay of for instance
disconnect/announcements messages following both e8dfde9ba6/D819 and
6bf74902a7/D2265, refs #3306.
* Fix XmppClient.cpp victoryCondition -> victoryConditions gamesetup.js
change from 6d54ab4c1f/D1240.
* Fix leaderboard/profile page cancel hotkey closing the lobby dialog as
well and removes cancel hotkey note from lobby_panels.xml from
960f2d7c31/D817 since the described issue was fixed by f9b529f2fb/D1701.
* Fix lobby playing menu sound in a running game after having closed the
lobby dialog following introduction in 960f2d7c31/D817.
* Fix GUI on nick change by updating g_Username.
* Update profile panel only with data matching the player requested.
Hack erasure:
* Object semantics make it cheap to add state and cache values, storing
literals in properties while removing globals, adding events while
decoupling components and gaining moddability.
* Erase comments and translation comments stating that this would be
IRC!!, supersedes D1136.
* Introduce Status chat message type to supersede "/special" chat
command + "isSpecial" property from bffe917914 (formerly g_specialKey
e6840f5fca) deluxe hack.
* Introduce System chat message type to supersede system errors
disguising as chat from a mock user called "system".
Code cleanups:
* Move code from XML to JS.
* Move size values from JS to XML, especially following 960f2d7c31/D817
and 7752219cef/D1051.
* Rename "user" to "player".
* Fix lobby/ eslint warnings, refs D2261.
* Remove message.nick emptiness check from 0940db3fc0/D835, since
XEP-0045 dictates that it is non-empty.
* Add translated string for deleted subjects.
* Add TODOs for some evident COList issues, refs #5638.
Differential Revision: https://code.wildfiregames.com/D2412
This was SVN commit r23172.
I.e. don't dereference NULL if the user of the glooxwrapper library
reads from the provided room argument.
A step towards being able to use XmppClient with multiple rooms.
Differential Revision: https://code.wildfiregames.com/D2287
Tested on: clang 8.0.1, Jenkins
This was SVN commit r22898.
Make that function static, so that it can be used for these functions
without slowly having to obtain the ScriptInterface instance using
GetScriptInterfaceAndCBData just to get the JSContext again.
Remove few redundant conversions for CreateObject arguments.
Differential Revision: https://code.wildfiregames.com/D2128
Tested on: gcc 9.1.0, clang 8.0.1, Jenkins
Tedious performance testing in: D2128, D2127
This was SVN commit r22894.
The commit introduced support for arbitrary lobby CreateGUIMessage
JS::Value arguments but didn't transfer wstring_from_utf8 appropriately.
Instead of enlengthening the code by reintroducing utf8_from_wstring
everyhwere, shorten the code and specialize ToJSVal for
glooxwrapper::string and gloox enums.
Avoid string copies for XmppClient getters, refs D1668:
Change GetPresence() and GetRole() to return the pointer to the string
literal instead of copy constructing a std::string each call.
Don't reintroduce the unneeded utf8_from_wstring conversions for the
untranslatable ASCII identifiers returned by GetPresence() and
GetRole().
Change GetSubject() to return a const ref to the member instead of copy
assigning the std::string to an output value.
Change m_Subject to std::wstring to avoid constructing a copy using
wstring_from_utf8 each GetSubject() call.
Change gloox enum to translatable string functions to be static, so as
to use them in the new ToJSVal functions (enabled by not calling
CertificateErrorToString from ConnectionErrorToString anyymore in
92fc34c87c/D2274).
Avoid per-player string copies in m_PlayerMap:
Change m_PlayerMap value type from std::vector<std::string> to a new
PlayerMap struct with named members for readability.
Use gloox enums as PlayerMap values to avoid constructing (performance)
and storing (memory footprint) std::strings.
The JS String is created from the pointer to the ASCII string literal
without intermediaries.
Use glooxwrapper::string for nickname and m_Rating since it's the data
source type received in relevant places, but that might be improved for
performance with std::wstring.
Construct map values in place where possible and post error instead of
silently inserting if an existing value is to be modified.
Avoid repeated std::map lookups on string keys by caching the
PlayerMap::iterator where available.
Remove some glooxwrapper::string to_string() calls redundant with its
operator<< and improve DbgXMPP gloox enum output.
Transfer rating too upon nickchange.
Differential Revision: https://code.wildfiregames.com/D2271
Tested on: clang 8.0.1, Jenkins
This was SVN commit r22891.
Update the list when the data it is built from changes, not only for
presence changes.
Differential Revision: https://code.wildfiregames.com/D2283
Tested on: clang 8.0.1, Jenkins
This was SVN commit r22888.
Perform the freezing for historic messages equally.
Differential Revision: https://code.wildfiregames.com/D2282
Tested on: clang 8.0.1, Jenkins
This was SVN commit r22887.
This also allows making the enum to string functions static, refs D2271.
Differential Revision: https://code.wildfiregames.com/D2274
Tested on: clang 8.0.1, Jenkins
This was SVN commit r22880.
This might explain unexpected TLS certificate error strings upon failed
TLS handshake, refs #4705.
Might or might not fix a conditional valgrind conditional jump depending
on uninitialized value error reported in P170 for the XmppClient
constructor (inconsistent test results).
Differential Revision: https://code.wildfiregames.com/D2278
Tested on: clang 8.0.1, gcc 9.1.0, Jenkins
This was SVN commit r22879.
It needs to test against the historic role and not the current role,
similar to 8b437a0b1c, refs #3386.
Implements the third GUI message property using the arbitrary lobby GUI
message patch in 9023f4bebb/D2264, refs #4482, 6bf74902a7/D2265.
Differential Revision: https://code.wildfiregames.com/D2266
Tested on: clang 8.0.1
This was SVN commit r22859.
Creates the GUI messages directly as JS::Values and removes the
intermediary rigid struct.
Implementation similar to ScriptInterface::CreateObject from D2080.
Differential Revision: https://code.wildfiregames.com/D2264
Tested on: clang 8.0.1, Jenkins
This was SVN commit r22856.
They were only used to determine whether the playerlist should be
rebuilt, which can be achieved by a boolean member.
So this patch is removing unnecessary indirection from the original
solution in 8b437a0b1c and the reduction in 16b976fc35, refs #3386.
In particular the LobbyClearPresenceUpdates call was ugly and one doesnt
need hundreds of messages with data on it each if one only wants to know
if there was one.
Makes past (e8dfde9ba6) and future (D2264) patches less complex, refs
#4877.
Differential Revision: https://code.wildfiregames.com/D2265
Tested on: gcc 9.1.0, clang 8.0.1, Jenkins
This was SVN commit r22855.
Fixes an occurring leak indicated by the reported clang unused variable
compiler warning, refs #5294, #5550,
by adding the missing glooxwrapper::Jingle::Session::Session destructor
.
Fix two leaks that would have occurred if the according code had been
used:
Delete unused glooxwrapper::Jingle::ICEUDP::ICEUDP instead of adding the
missing destructor.
Delete unused glooxwrapper::Jingle::Content::Content instead of adding
the missing destructor.
Explain why glooxwrapper::Client::registerStanzaExtension doesn't leak
the new StanzaExtensionWrapper.
Explain why glooxwrapper::Jingle::Session::sessionInitiate doesn't leak
the new gloox::Jingle::Content, nor the new gloox::Jingle::ICEUDP.
Explain why glooxwrapper::SessionManager::registerPlugins doesn't leak
the new gloox::Jingle::Content and new gloox::Jingle::ICEUDP.
Explain why glooxwrapper::SessionManager::createSession doesn't leak the
gloox::Jingle::Session.
I will not leak memory in the glooxwrapper.
I will not leak memory in the glooxwrapper.
I will not leak memory in the glooxwrapper.
Use references in the StunClient and glooxwrapper to anticipate any
confusion as to whose obligation it is to delete variables when they are
passed around across several files.
Use static_cast and reinterpret_cast instead of C-style casts in the
StunClient.
Differential Revision: https://code.wildfiregames.com/D2094
Refs D2093 for the reported leaks.
Reviewed By: Josh
Comments By: fcxSanya, Vladislav for D2094, and echotangoecho, leper in
61261d14fc
This was SVN commit r22678.
