Skip to content

Commit

Permalink
Merge remote-tracking branch 'upstream/master'
Browse files Browse the repository at this point in the history
  • Loading branch information
jlillis committed Sep 1, 2024
2 parents 1b05223 + 80d98fd commit f9942bd
Show file tree
Hide file tree
Showing 51 changed files with 827 additions and 202 deletions.
6 changes: 3 additions & 3 deletions [admin]/acpanel/meta.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<meta>
<info description="Anti-Cheat Control Panel" author="ccw" version="0.1.8" type="script" />
<min_mta_version server="1.3.1" client="1.3.1"></min_mta_version>
<info description="Anti-Cheat Control Panel" author="ccw" version="0.2.0" type="script" />
<min_mta_version server="1.6.0" client="1.6.0"></min_mta_version>

<script src="_common.lua"/>
<script src="s_joiner.lua"/>
Expand All @@ -20,7 +20,7 @@


<settings>
<setting name="*admingroup" value="Admin,AdminPlus"
<setting name="*admingroup" value="Admin"
friendlyname="Admin group list"
group="_Advanced"
accept="*"
Expand Down
8 changes: 4 additions & 4 deletions [admin]/acpanel/s_main.lua
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ function updatePlayer(player)

if newAllowed and not oldAllowed then
bindKey( player, "o", "down", "Show_AC_Panel" )
outputChatBox ( "Press 'o' to open your AC panel", player )
outputChatBox ( "Press 'o' to open AC panel", player )
if not bAllowGui then return end
sendAllSettingsToClient()
triggerClientEvent(player, 'onAcpClientInitialSettings', resourceRoot, getServerConfigSettingsToTransfer() )
Expand Down Expand Up @@ -113,10 +113,10 @@ function doesResourceHasPermissions()
end

if not bResourceHasPermissions then
outputChatBox( "AC Panel can not start until this command is run:" )
outputChatBox( "aclrequest allow acpanel all" )
outputServerLog( "AC Panel can not start until this command is run:" )
outputServerLog( "aclrequest allow acpanel all" )
else
outputChatBox( "Please restart AC Panel" )
outputServerLog( "Please restart AC Panel" )
end
return false
end
Expand Down
10 changes: 5 additions & 5 deletions [admin]/acpanel/s_settings.lua
Original file line number Diff line number Diff line change
Expand Up @@ -198,16 +198,16 @@ end
-- Get version data from remote server
---------------------------------------------------------
function GetVersInfoFromRemoteServer()
fetchRemote( "http://nightly.mtasa.com/ver/", onGotVersInfo )
fetchRemote( "https://nightly.multitheftauto.com/ver/", onGotVersInfo )
end

function onGotVersInfo( responseData, errno )
if errno == 0 then

local ver = string.sub( getVersion().sortable, 0, 3 )
local ver = string.sub( getVersion().sortable, 1, 3 )

releaseMinVersion = string.match( responseData, "default: " ..ver .. ".(.-)[^0-9.-]" )
latestMinVersion = string.match( responseData, "minclientversion: " .. ver .. ".(.-)[^0-9.-]" )
releaseMinVersion = string.match( responseData, "Auto-update default:%s*" .. ver .. "%.([%d%-%.]+)" )
latestMinVersion = string.match( responseData, "Max recommended/minclientversion:%s*" .. ver .. "%.([%d%-%.]+)" )

if releaseMinVersion and latestMinVersion then
releaseMinVersion = ver .. "." .. releaseMinVersion
Expand Down Expand Up @@ -247,7 +247,7 @@ function onGotAcPanelVersInfo( responseData, errno )
setPanelSetting( "acpanelVersion", acpanelVersion )
setPanelSetting( "acpanelUrl", acpanelUrl )
if acpanelVersion > _version then
outputChatBox("New version of Anti-Cheat panel is available!")
outputServerLog("New version of Anti-Cheat panel is available!")
end
end
end
Expand Down
11 changes: 11 additions & 0 deletions [admin]/security/NOTES.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
*** DISCLAIMER ***

This resource is very barebone and should be used as a learning foundation for security on your server.
It only covers the most basic server events for detecting abusive behaviour and logs them without taking any action.
There are many more ways to combat bad players with server and client scripting adapted to your server/gamemode.

As a general rule of thumb, following points should be considered:
- never trust the client, if you accept data from client, validate it on server if they make any sense
- use the variable "client" instead of "source" for custom server events, source can be faked, client not
- try to avoid elementdatas, if you need elementdata to be synced to client and they should remain read only on client,
add them to tblProtectedElementDatas in players.lua to prevent clients from updating them
15 changes: 15 additions & 0 deletions [admin]/security/events.lua
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
-- https://wiki.multitheftauto.com/wiki/OnPlayerTriggerInvalidEvent
-- gets triggered when a remote clients triggers an invalid event on server
function clientTriggersInvalidEvent(strEventName, bIsAdded, bIsRemote)
logViolation(source, "Triggered invalid event \""..strEventName.."\" - bIsAdded: "..tostring(bIsAdded).." - bIsRemote: "..tostring(bIsRemote));
end
addEventHandler("onPlayerTriggerInvalidEvent", root, clientTriggersInvalidEvent);



-- https://wiki.multitheftauto.com/wiki/OnPlayerTriggerEventThreshold
-- gets triggered when a remote clients exceeds the event trigger treshold set by server in config -> max_player_triggered_events_per_interval
function clientTriggersEventThreshold()
logViolation(source, "Exceeded event trigger threshold of "..tostring(getServerConfigSetting("max_player_triggered_events_per_interval")));
end
addEventHandler("onPlayerTriggerEventThreshold", root, clientTriggersEventThreshold);
63 changes: 63 additions & 0 deletions [admin]/security/logging.lua
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
-- log messages triggered by player
function logViolation(uPlayer, strMessage)
local strPlayerName, strPlayerIP, strPlayerSerial = getPlayerName(uPlayer), getPlayerIP(uPlayer), getPlayerSerial(uPlayer);
local strLogFileName = "violations.txt";
local uFileHandle = fileExists(strLogFileName) and fileOpen(strLogFileName);

if(not uFileHandle) then
uFileHandle = fileCreate(strLogFileName);
fileFlush(uFileHandle);
else
fileSetPos(uFileHandle, fileGetSize(uFileHandle));
end

local strViolationMessage = getDateTime().." CLIENT: "..strPlayerName.." | IP: "..strPlayerIP.." | SERIAL: "..strPlayerSerial.." | "..strMessage;

outputDebugString(strViolationMessage, 4, 255, 255, 255);
outputServerLog(strViolationMessage);
fileWrite(uFileHandle, strViolationMessage.."\n");
fileClose(uFileHandle);
end



-- log messages without player element
function logAction(strMessage)
local strLogFileName = "actions.txt";
local uFileHandle = fileExists(strLogFileName) and fileOpen(strLogFileName);

if(not uFileHandle) then
uFileHandle = fileCreate(strLogFileName);
fileFlush(uFileHandle);
else
fileSetPos(uFileHandle, fileGetSize(uFileHandle));
end

local strActionMessage = getDateTime().." "..strMessage;

outputDebugString(strActionMessage, 4, 255, 255, 255);
outputServerLog(strActionMessage);
fileWrite(uFileHandle, strActionMessage.."\n");
fileClose(uFileHandle);
end



-- get the current date and time for logging
function getDateTime()
local tblRealTime = getRealTime();
local iDay = tblRealTime.monthday;
local iMonth = tblRealTime.month + 1;
local iYear = tblRealTime.year + 1900;
local iHour = tblRealTime.hour;
local iMinute = tblRealTime.minute;
local iSecond = tblRealTime.second;

if(iDay < 10) then iDay = "0"..iDay end;
if(iMonth < 10) then iMonth = "0"..iMonth end;
if(iHour < 10) then iHour = "0"..iHour end;
if(iMinute < 10) then iMinute = "0"..iMinute end;
if(iSecond < 10) then iSecond = "0"..iSecond end;

return "["..tostring(iDay).."."..tostring(iMonth).."."..tostring(iYear).." - "..tostring(iHour)..":"..tostring(iMinute)..":"..tostring(iSecond).."]";
end
10 changes: 10 additions & 0 deletions [admin]/security/meta.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
<meta>
<info name="Security" author="-ffs-PLASMA" type="misc" version="1.0" description="Basic security functionality" />

<min_mta_version server="1.6.0-9.22470" />

<script src="logging.lua" type="server"/>
<script src="events.lua" type="server"/>
<script src="misc.lua" type="server"/>
<script src="players.lua" type="server"/>
</meta>
15 changes: 15 additions & 0 deletions [admin]/security/misc.lua
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
-- https://wiki.multitheftauto.com/wiki/OnSettingChange
-- gets triggered when a resource setting has been changed
function resourceSettingChanged(strSetting, strOldValue, strNewValue)
logAction("Setting \""..strSetting.."\" has been changed from \""..fromJSON(strOldValue).."\" to \""..fromJSON(strNewValue).."\"");
end
addEventHandler("onSettingChange", root, resourceSettingChanged);



-- https://wiki.multitheftauto.com/wiki/OnAccountDataChange
-- gets triggered when account has been changed
function accountDataChanged(uAccount, strKey, strValue)
logAction("Data \""..strKey.."\" of account \""..getAccountName(uAccount).."\" has been changed to \""..strValue.."\"");
end
addEventHandler("onAccountDataChange", root, accountDataChanged);
58 changes: 58 additions & 0 deletions [admin]/security/players.lua
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
-- add the elementdatas you want to protect from client updates in here
local tblProtectedElementDatas = {["Score"] = true};



-- https://wiki.multitheftauto.com/wiki/OnElementDataChange
-- gets triggered when a client tries to change a synced elementdata, check if client is permitted to change that specific data
-- also prevents one client changing the elementdata of another client
function clientChangesElementData(strKey, varOldValue, varNewValue)
if(client and (tblProtectedElementDatas[strKey] or client ~= source)) then
logViolation(client, "Tried to change elementdata \""..tostring(strKey).."\" of resource \""..tostring(sourceResource).."\" from \""..tostring(varOldValue).."\" to \""..tostring(varNewValue).."\"");
setElementData(source, strKey, varOldValue);
end
end
addEventHandler("onElementDataChange", root, clientChangesElementData);



-- https://wiki.multitheftauto.com/wiki/OnPlayerACInfo
-- gets triggered when AC detects something for client on connect
function clientNotifyACInfo(tblDetectedACList, iD3D9Size, strD3D9MD5, strD3D9SHA256)
logViolation(source, "AC list detected: "..table.concat(tblDetectedACList, ",").." - D3D9Size: "..tostring(iD3D9Size).." - D3D9MD5: "..tostring(strD3D9MD5));
end
addEventHandler("onPlayerACInfo", root, clientNotifyACInfo);



-- https://wiki.multitheftauto.com/wiki/OnPlayerModInfo
-- gets triggered when client joins server with modified game files
function clientNotifyModInfo(strFileName, tblItemList)
for _, strItemName in ipairs(tblItemList) do
logViolation(source, "Mod detected - file: "..strFileName.." - GTA ID: "..strItemName.id.." - GTA name: "..strItemName.name);
end
end
addEventHandler("onPlayerModInfo", root, clientNotifyModInfo);



-- force all connected players to send their AC/Mod info on resource start
addEventHandler("onResourceStart", resourceRoot, function()
for _, uPlayer in ipairs(getElementsByType("player")) do
resendPlayerModInfo(uPlayer);
resendPlayerACInfo(uPlayer);
end
end);



-- https://wiki.multitheftauto.com/wiki/OnPlayerNetworkStatus
-- gets triggered when connection from server to a client is interrupted
function clientNetworkStatus(iStatus, iTicks)
if(iStatus == 0) then
logViolation(source, "Network interruption has began after "..iTicks.." ticks");
elseif(iStatus == 1) then
logViolation(source, "Network interruption has stopped after "..iTicks.." ticks");
end
end
addEventHandler("onPlayerNetworkStatus", root, clientNetworkStatus);
6 changes: 5 additions & 1 deletion [editor]/edf/edf.lua
Original file line number Diff line number Diff line change
Expand Up @@ -620,7 +620,11 @@ function edfCreateElement(elementType, creatorClient, fromResource, parametersTa
elseif dataField == "rotation" then
edfSetElementRotation(newElement, dataValue[1], dataValue[2], dataValue[3], dataValue[4])
elseif dataField == "interior" then
setElementInterior(newElement, dataValue)
if dataValue == -1 then
setElementInterior(newElement, 0) -- Interior -1 only works on removeWorldModel (But element data must be set to -1)
else
setElementInterior(newElement, dataValue)
end
setElementData(newElement, dataField, dataValue)
elseif dataField == "dimension" then
setElementDimension(newElement, dataValue)
Expand Down
5 changes: 4 additions & 1 deletion [editor]/edf/interface.lua
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
local interface_mt = {
__index = function(t, k)
t[k] = function(...) return call(t.res, k, ...) end
t[k] = function(...)
if getUserdataType(t.res) ~= "resource-data" or getResourceState(t.res) ~= "running" then return end
return call(t.res, k, ...)
end
return t[k]
end
}
Expand Down
5 changes: 1 addition & 4 deletions [editor]/edf/properties_client.lua
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ propertyGetters = {
model = getElementModel,
rotZ = getPedRotation,
health = getElementHealth,
armor = setPedArmor,
armor = getPedArmor,
collisions = function(element)
local collisions = getElementData(element, "collisions")
if collisions == "true" or collisions == false then
Expand Down Expand Up @@ -152,9 +152,6 @@ propertySetters = {
end,
breakable = function(element, breakable)
return setObjectBreakable(element, breakable == "true")
end,
collisions = function(element, state)
return setElementCollisionsEnabled(element, state == "true")
end
},
ped = {
Expand Down
1 change: 0 additions & 1 deletion [editor]/editor/freeroam.lua
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ addEventHandler("onResourceStart", resourceRoot,
if not getResourceFromName("freeroam") then
outputChatBox("WARNING: 'FREEROAM' RESOURCE NOT FOUND. Editor will not function properly. Please install the 'freeroam' resource immediately!", root, 255, 0, 0)
outputDebugString("WARNING: 'FREEROAM' RESOURCE NOT FOUND. Editor will not function properly. Please install the 'freeroam' resource immediately!")
editor_gui.outputMessage("WARNING: 'FREEROAM' RESOURCE NOT FOUND. Editor will not function properly. Please install the 'freeroam' resource immediately!", root, 255, 0, 0)
end
end
)
1 change: 1 addition & 0 deletions [editor]/editor_gui/client/currentbrowser.lua
Original file line number Diff line number Diff line change
Expand Up @@ -431,6 +431,7 @@ end
function closeCurrentBrowser()
if ( not currentBrowser.showing ) then return end
currentBrowser.showing = false
cSelectedElement = false
if ( callbackFunction ) then
local id = currentBrowserGUI.gridlist:getSelectedText()
if ( not id ) then
Expand Down
3 changes: 2 additions & 1 deletion [editor]/editor_gui/client/elementproperties.lua
Original file line number Diff line number Diff line change
Expand Up @@ -814,7 +814,8 @@ function openPropertiesBox( element, resourceName, shortcut )
addEventHandler("onClientElementDataChange", selectedElement, checkForNewID)

addEDFPropertyControlsForElement( selectedElement )
addPropertyControl("selection", "locked", "Locked", function (control) exports.editor_main:lockSelectedElement(selectedElement, control:getValue() == "true" or false) end, {value = exports.editor_main:isElementLocked(selectedElement) and "true" or "false", validvalues = {"false","true"}, datafield = "locked"})
-- `locked` is reserved for vehicles
addPropertyControl("selection", "locked-s", "Locked selection", function (control) exports.editor_main:lockSelectedElement(selectedElement, control:getValue() == "true" or false) end, {value = exports.editor_main:isElementLocked(selectedElement) and "true" or "false", validvalues = {"false","true"}, datafield = "locked"})

creatingNewElment = false
syncPropertiesCallback = applyPropertiesChanges
Expand Down
5 changes: 4 additions & 1 deletion [editor]/editor_gui/client/interface.lua
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,10 @@ local interface = {

local interface_mt = {
__index = function(t, k)
return function(...) return call(t.res, k, ...) end
return function(...)
if getUserdataType(t.res) ~= "resource-data" or getResourceState(t.res) ~= "running" then return end
return call(t.res, k, ...)
end
end
}

Expand Down
1 change: 1 addition & 0 deletions [editor]/editor_gui/server/interface.lua
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ local interface = {

local interface_mt = {
__index = function(t, k)
if getUserdataType(t.res) ~= "resource-data" or getResourceState(t.res) ~= "running" then return end
return function(...) return call(t.res, k, ...) end
end
}
Expand Down
Loading

0 comments on commit f9942bd

Please sign in to comment.