If a formspec is submitted from a form fields handling
callback of another form (or "formspec shown from another
formspec"), the fields submitted for it can get
rejected by the form exploit mitigation subsystem with a
message like "'zorman2000' submitted formspec
('formspec_error:form2') but server hasn't sent formspec to
client, possible exploitation attempt" being sent to logs.
This was already reported as #7374 and a change was made
that fixed the simple testcase included with that bug
report but the bug still kept lurking around and popping
out in more complicated scenarios like the advtrains TSS
route programming UI.
Deep investigation of the problem revealed that this
sequence of events is entirely possible and leads to the
bug:
1. Server: show form1
2. Client *shows form1*
3. Client: submits form1
4. Server: show form2
5. Client: says form1 closed
6. Client *shows form2*
7. Client: submits form2
What happens inside the code is that when the server in
step 4 sends form2, the registry of opened forms is
updated to reflect the fact that form2 is now the valid
form for the client to submit. Then when in step 5 client
says "form1 was closed", the exploit mitigation subsystem
code deletes the registry entry for the client without
bothering to check whether the form client says was
closed just now is indeed the form that is recorded in
that entry as the valid form. Then later, in step 7 the
client tries to submit its valid form fields, these will
be rejected because the entry is missing.
It turns out the procedure where the broken code resides
already gets the form name so a simple "if" around the
offending piece of code fixes the whole thing. And
advtrains TSS agrees with that.
Reported by GCC
```
minetest/src/server.cpp:996:42: warning: ‘peer_id’ may be used uninitialized in this function [-Wmaybe-uninitialized]
errorstream << "ProcessData: peer=" << peer_id << e.what() << std::endl;
```
* Adds Lua methods 'set_rotation()' and 'get_rotation'. Also changed some method names to be more clear. Instead of an f32 being sent over network for yaw, now a v3f is sent for rotation on xyz axes. Perserved Lua method set_yaw/setyaw so that old mods still work, other wise to set yaw they would need to switch to set_rotation(0, yaw, 0).
* src/sky.cpp 146 warn V519 The 'suncolor_f.r' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 142, 146.
* src/sky.cpp 147 warn V519 The 'suncolor_f.g' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 143, 147.
* src/sky.cpp 148 warn V519 The 'suncolor_f.b' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 144, 148.
* src/threading/thread.cpp 63 err V730 Not all members of a class are initialized inside the constructor. Consider inspecting: m_thread_obj.
* src/server.cpp 3243 err V595 The 'log' pointer was utilized before it was verified against nullptr. Check lines: 3243, 3258.
* Drop EventManager from GameDef & do some client cleanups
* EventManager is only used by Client. Don't expose it on Server & GameDef for nothing
* Drop Client::event() in favor of direct calls to getEventManager
* Cleanup some event put from new + put to put(new)
* MtEvent: add Type(u8) enum
* This will enhance event performance & ensure stricter type
* Drop MtEvent::checkIs (unused)
* clang-tidy reported fixes
* Code style
* Move event_manager.h to the client directory as it's only used by client
Add EventManager unittests + switch to unordered_map as order is not important here
Drop a unused function
* Server: delegate mod management & config to ServerModConfiguration (rename it to ServerModManager)
* Use c++11 range based loops
* Add unittests + experimental/default mod as a test case to permit testing mod loading in future tests
* ObjectRef::set_local_animation: fix wrong lua return (should push a boolean, currently returns nil)
* ObjectRef::set_eye_offset: fix wrong lua return (should push a boolean, currently returns nil)
* Fix various Server functions which depends on RemotePlayer objet and return true/false when player object is nil whereas it's a caller implementation error. Change those bool functions to void and add sanitize_check call instead. Current callers are always checking player object validity
* Optimize Server::setClouds : use CloudParams object ref instead of attribute deserialization from structure & perform RemotePlayer::setCloudParams directly in server class like many other calls
* Optimize Server::SendCloudParams: use CloudParams object ref instead of deserialized attributes
This doesn't check the fields in anyway whatsoever so it should only be seen as a way to mitigate exploits, a last line of defense to make it harder to exploit bugs in mods, not as a reason to not do all the usually checks.
* Rename IWritableNodeDefManager to NodeDefManager
* Make INodeDefManager functions const
* Use "const *NodeDefManager" instead of "*INodeDefManager"
* Remove unused INodeDefManager class
* Merge NodeDefManager and CNodeDefManager
* Document NodeDefManager
Solves some issues with ModStorage functionality in mapgen threads
that occurred when mapgen threads continued to run after the main
server thread had stopped. Also shuts down mapgen threads before
shutdown callbacks are called.
* Make Player::peer_id server-side only and add getters and setters
Player::peer_id has no sense client side, move it to server, make it private and add setter and getter
Also add some PEER_ID_INEXISTENT instead of harcoded 0
* Add session_t typedef + remove unused functions
u16 peer_id is used everywhere, to be more consistent and permit some evolutions on this type in the future (i'm working on a PoC), uniformize u16 peer_id to SessionId peer_id
Implement network communication for channels
* Implement ModChannel manager server side to route incoming messages from clients to other clients
* Add signal handler switch on client & ModChannelMgr on client to handle channels
* Add Lua API bindings + client packet sending + unittests
* Implement server message sending
* Add callback from received message handler to Lua API using registration method
* Fix HP transport + some double <-> float problems
TOCLIENT_HP transport u16 hp as a u8, use u16 HP, this prevent HP over 255 to overflow across network
* Fix more double/float problem in serverpackethandler & remove implicit struct type for TileAnimationParams
* Fix connection unittests container
* Cleanup network headers
* Move peerhandler to a specific header to reduce compilation times
* Move socket.cpp/h to network folder
* More work
* Network code cleanups
* Move socket.{cpp,h} to network folder
* Move Address object to network/address.{cpp,h}
* Move network exceptions to network/networkexceptions.h
* Client: use unique_ptr for Connection
* Server/ClientIface: use shared_ptr for Connection
* Format fixes
* Remove socket.cpp socket.h from clang-format whitelist
* Also fix NetworkPacket code style & make it under clang-format
* Respect object property hp_max field for players
This allows modders to configure the maximal HP per player
* Statbars: Downscale bar to full 20 HP when exceeding this value
Add default max HP for players and breath constants to builtin
Document the constants
* Rename PLAYER_MAX_HP -> PLAYER_MAX_HP_DEFAULT
* server.cpp: unroll setting when sending mapblocks
* Improve a little bit performance when sending mapblocks massively
* Use a range based for
* Code style fixes
* Use more for range based loops
* Simplify some tests
* Code style fixes
* connection.h: better PeerChange constructor instead of creating uninitalized object and then affect variables
* Use various modern for loops
* Make some loop iterator constants, whereas there weren't
* Use empty on some size() > 0 tests
* Various little codestyle fixes
* Fix an hidden scope variable in Server::SendBlockNoLock
* [CSM] Add flavour limits controlled by server
Server send flavour limits to client permitting to disable or limit some Lua calls
* Add limits for reading nodedefs and itemdefs
* flavour: Add lookup node limits
* Merge get_node_or_nil into get_node.
Sending fake node doesn't make sense in CSM, just return nil if node is not available for any reason
* Add node range customization when noderange flavour is enabled (default 8 nodes)
* Limit nodes range & disable chat message sending by default
* Bump protocol version
* New TOCLIENT_CHAT_MESSAGE packet
* Rename old packet to TOCLIENT_CHAT_MESSAGE_OLD for compat
* Handle TOCLIENT_CHAT_MESSAGE new structure client side
* Client chat queue should use a specific object
* SendChatMessage: use the right packet depending on protocol version (not complete yet)
* Add chatmessage(type) objects and handle them client side (partially)
* Use ChatMessage instead of std::wstring server side
* Update with timestamp support
thread_local permits to limit variable lifetime to thread duration. Use it on each setting place which uses static to cache variable result only for thread lifetime. This permits to keep the same performance level & reconfigure server from MT gui in those various variables places.
Add thread_local to undersampling calculation too.
Previously, findSpawnPos() did not take the 'mapgen_limit' setting into account,
a small limit often resulted in a spawn out in the void.
Use the recently added 'calcMapgenEdges()' to get max spawn range through a new
mapgenParams function 'getSpawnRangeMax()'.
Previously, when a player respawned into a world, 'objectpos_over_limit()' was
used as a check, which was inaccurate.
Use the recently added 'saoPosOverLimit()' to get exact mapgen edges.
Also fix default value of 'm_sao_limit_min'.
These code be generated by CSM, a modded client or just copy and pasted by the player.
Changes
- Update configuration example and setting translation file.
- Remove colour codes before logging chat.
- Add setting to remove colour codes before processing the chat.
* Have the server send the player list to the client
Currently the client generates the player list based on the Client active object list, the issue with this is that we can't be sure all player active objects will be sent to the client, so this could result in players showing up when someone run `/status` but auto complete not working with their nick and CSM not being aware of the player
* Allow enabling and disabling mods.
* Re-fix 605599b6f150b89ba6539c4d088231b326adcb48
This breaks some chars like € in chat.
Instead verify is char is a non control char -> iswcntrl
Previously, every individual particle on a server is sent to, and rendered by
(even if not actually visible), every client regardless of distance. This
significantly reduces client FPS and creates unnecessary network traffic.
Maximum distance is set by 'max block send distance' as this determines how far
a client is able to see.
Default true.
Add 'm_clouds_enabled' bool to sky.h, set from new bool in 'set sky' API.
Make 'getCloudsVisible()' depend on 'm_clouds_enabled' instead of
'm_visible' (whether normal sky is visible).
* Player data to Database
Add player data into databases (SQLite3 & PG only)
PostgreSQL & SQLite: better POO Design for databases
Add --migrate-players argument to server + deprecation warning
* Remove players directory if empty
This callback is called if a liquid definitely floods a non-air
node on the map. The callback arguments are (pos, oldnode, newnode)
and can return a `bool` value indicating whether flooding the
node should be cancelled (`return true` will prevent the node
from flooding).
Documentation is added, the callback function was tested with a
modified minetest_game.
Note that `return true` will likely cause the node's `on_flood()`
callback to be called every second until the node gets removed,
so care must be taken to prevent many callbacks from using this
return value. The current default liquid update interval is 1.0
seconds, which isn't unmanageable.
The larger aim of this patch is to remove the lava cooling ABM,
which is a significant cost to idle servers that have lava on their
map. This callback will be much more efficient.
* client side mods are located in clientmods/
* move builtin/preview.lua to clientmods/preview/init.lua as a preview mod
* refactor ModConfiguration class to work properly with client and server using child objects
* move some Server constructor mod load code to ModConfiguration to reduce code duplication between client and server
* remove mods.{cpp,h} unused functions
* use UNORDERED_SET instead of std::set in some modspec storages
* rename GameScripting to ServerScripting
* Make getBuiltinLuaPath static serverside
* Add on_shutdown callback
* Add on_receiving_chat_message & on_sending_chat_message callbacks
* ScriptApiBase: use IGameDef instead of Server
This permits to share common attribute between client & server
* Enable mod security in client side modding without conditions
* mod can create a ModMetadata object where store its values and retrieve it.
* Modmetadata object can only be fetched at mod loading
* Save when modified using same time as map interval or at server stop
* add helper function to get mod storage path
* ModMetadata has exactly same calls than all every other Metadata
* Environment code refactoring
* Cleanup includes & class declarations in client & server environment to improve build speed
* ServerEnvironment::m_gamedef is now a pointer to Server instead of IGameDef, permitting to cleanup many casts.
* Cleanup IGameDef
* Move ITextureSource* IGameDef::getTextureSource() to Client only.
* Also move ITextureSource *IGameDef::tsrc() helper
* drop getShaderSource, getSceneManager, getSoundManager & getCamera abstract call
* drop unused emerge() call
* cleanup server unused functions (mentionned before)
* Drop one unused parameter from ContentFeatures::updateTextures
* move checkLocalPrivilege to Client
* Remove some unnecessary casts
* create_formspec_menu: remove IWritableTextureSource pointer, as client already knows it
* Fix some comments
* Change required IGameDef to Server/Client pointers
* Previous change that game.cpp sometimes calls functions with Client + InventoryManager + IGameDef in same functions but it's the same objects
* Remove duplicate Client pointer in GUIFormSpecMenu::GUIFormSpecMenu
* drop ClientMap::sectorWasDrawn which is unused
Breath is now handled server side. Changing this behaviour required some modifications to core:
* Ignore TOSERVER_BREATH package, marking it as obsolete
* Clients doesn't send the breath to server anymore
* Use PlayerSAO pointer instead of peer_id in Server::SendPlayerBreath to prevent a useless lookup (little perf gain)
* drop a useless static_cast in emergePlayer
* Calculate maximum interact distance from wielded tool
* New "interacted_while_dead" cheat_type for the Lua API
* Disallow dropping items while dead
* Move player to spawn before resurrecting them
This combats the problem of sending the hundreds of
"creative" / "armor" or whatever detached invs that
exist on popular servers to each and every player
on join or on change of said invs.
PlayerSAO::disconnected() function was historical and remove the link between SAO and RemotePlayer session. With previous attributes linked to RemotePlayer saving was working. But now attributes are read from SAO not RemotePlayer and the current serialize function verify SAO exists to save the player attributes.
Because PlayerSAO::disconnected marks playersao for removal, only mark playerSAO for removal and let PlayerSAO::removingFromEnvironment do the correct saving behaviour and all the disconnection process instead of doing a partial removal and let the server loop doing the RemotePlayer cleanup and remove some saved attributes...
* Create UnitSAO, a common part between PlayerSAO & LuaEntitySAO
* Move breath to PlayerSAO & LocalPlayer
* Migrate m_yaw from (Remote)Player & LuaEntitySAO to UnitSAO
* Migrate m_yaw from Player to LocalPlayer for client
* Move some functions outside of player class to PlayerSAO/RemotePlayer or LocalPlayer depending on which class needs it
* Move pitch to LocalPlayer & PlayerSAO
* Move m_position from Player to LocalPlayer
* Move camera_barely_in_ceiling to LocalPlayer as it's used only there
* use PlayerSAO::m_base_position for Server side positions
* remove a unused variable
* ServerActiveObject::setPos now uses const ref
* use ServerEnv::loadPlayer unconditionnaly as it creates RemotePlayer only if it's not already loaded
* Move hp from Player to LocalPlayer
* Move m_hp from LuaEntitySAO to UnitSAO
* Use m_hp from PlayerSAO/UnitSAO instead of RemotePlayer
* remove IGameDef from Player class, only LocalPlayer has it now
* move many attributes/functions only used by LocalPlayer from Player to LocalPlayer
* move many attributes/functions only used by RemotePlayer from Player to RemotePlayer
* make some functions const
* hudGetHotbarSelectedImage now returns const ref
* RemotePlayer getHotbarSelectedImage now returns const ref
* various code style fixes
* ClientEnvironment now uses UNORDERED MAP for active objects
* Use RemotePlayer and LocalPlayer everywhere it's possible
* Minor code style fixes
* Drop Client::getBreath() unused function
* Server/Client Environments now have an helper to cast Player object in the right type to use it
* Server: use RemotePlayer everywhere and remove previous added casts
* Client: use LocalPlayer where needed
* Environment: remove unused functions (getPlayers(), getRandomConnectedPlayer(), getNearestConnectedPlayer())
* LocalPlayer take ownership of maxHudId as it's the only caller
* RemotePlayer take ownership of day night ratio as it's the only user
* Pass getPlayerControl as const reference to prevent object copy on each call (perf improvement in ObjectRef::l_get_player_control call)
* getPlayerSAO is now only RemotePlayer call
* get/setHotbarItemCount is now RemotePlayer owned
* Server: Use RemotePlayer instead of Player object on concerned call to properly fix the object type
* PlayerSAO now uses RemotePlayer instead of Player because it's only server side
* ObjectRef::getplayer also returns RemotePlayer as it's linked with PlayerSAO
This is part 2 for 5f084cd98d7b3326b51320455364337539710efd
Other improvements:
* Use the defined ItemGroupList when used
* make Client::checkPrivilege const
* inline some trivial functions
* Add ActiveObjectMap typedef
* Add SettingsEntries typedef
This commit refactors the majority of the Mapgen settings system.
- MapgenParams is now owned by MapSettingsManager, itself a part of ServerMap,
instead of the EmergeManager.
- New Script API functions added:
core.get_mapgen_setting
core.get_mapgen_setting_noiseparams,
core.set_mapgen_setting, and
core.set_mapgen_setting_noiseparams.
- minetest.get/set_mapgen_params are deprecated by the above new functions.
- It is now possible to view and modify any arbitrary mapgen setting from a mod,
rather than the base MapgenParams structure.
- MapgenSpecificParams has been removed.
Adds the particle option `collision_removal = bool`
Some particles are hard to use right now since they either go through
solid blocks (without collision detection), and with collision
detection enabled they (e.g. raindrops) would just stop dead on the
floor and sit there until they expire, or worse, scrape along a wall
or ceiling.
We can solve the problem by adding a boolean flag that tells the
particle to be removed if it ever collides with something. This will
make it easier to add rain that doesn't fall through your roof or stick
on the top of it. Or clouds and smoke that don't go through trees.
Particles that collide with this flag are marked expired
unconditionally, causing them to be treated like normal expired
particles and cleaned up normally.
Documentation is adjusted accordingly.
An added bonus of this patch is that particles can potentially collide
many times with nodes, and this reduces the amount of collisions to 1
(max), which may end up reducing particle load on the client.
We introduce a new nodebox type "connected", and allow these nodes to
have optional nodeboxes that connect it to other connecting nodeboxes.
This is all done at scenedraw time in the client. The client will
inspect the surrounding nodes and if they are to be connected to,
it will draw the appropriate connecting nodeboxes to make those
connections.
In the node_box definition, we have to specify separate nodeboxes for
each valid connection. This allows us to make nodes that connect only
horizontally (the common case) by providing optional nodeboxes for +x,
-x, +z, -z directions. Or this allows us to make wires that can connect
up and down, by providing nodeboxes that connect it up and down (+y,
-y) as well.
The optional nodeboxes can be arrays. They are named "connect_top,
"connect_bottom", "connect_front", "connect_left", "connect_back" and
"connect_right". Here, "front" means the south facing side of the node
that has facedir = 0.
Additionally, a "fixed" nodebox list present will always be drawn,
so one can make a central post, for instance. This "fixed" nodebox
can be omitted, or it can be an array of nodeboxes.
Collision boxes are also updated in exactly the same fashion, which
allows you to walk over the upper extremities of the individual
node boxes, or stand really close to them. You can also walk up
node noxes that are small in height, all as expected, and unlike the
NDT_FENCELIKE nodes.
I've posted a screenshot demonstrating the flexibility at
http://i.imgur.com/zaJq8jo.png
In the screenshot, all connecting nodes are of this new subtype.
Transparent textures render incorrectly, Which I don't think is
related to this text, as other nodeboxes also have issues with this.
A protocol bump is performed in order to be able to send older clients
a nodeblock that is usable for them. In order to avoid abuse of users
we send older clients a "full-size" node, so that it's impossible for
them to try and walk through a fence or wall that's created in this
fashion. This was tested with a pre-bump client connected against a
server running the new protocol.
These nodes connect to other nodes, and you can select which ones
those are by specifying node names (or group names) in the
connects_to string array:
connects_to = { "group:fence", "default:wood" }
By default, nodes do not connect to anything, allowing you to create
nodes that always have to be paired in order to connect. lua_api.txt
is updated to reflect the extension to the node_box API.
Example lua code needed to generate these nodes can be found here:
https://gist.github.com/sofar/b381c8c192c8e53e6062
Since commit
3b50b2766aeb09c9fc0ad0ea07426bb2187df3d7 "Optional reconnect functionality"
there is a config option named ask_reconnect_on_crash.
It asks the client to reconnect to the server if the server crashed.
It has been implemeted and works, but due to a function parameter not
being passed it never showed effect. This patch adds the parameter
and fixes the bug.
Also fixes the `reconnect` option of minetest.request_shutdown being ignored.
To avoid spawn search failing in new specialised mapgens
Increase spawn search range to 4000 nodes
Add getSpawnLevelAtPoint() functions to EmergeManager, class Mapgen
and all mapgens
Remove getGroundLevelAtPoint() functions from all mapgens except mgv6
(possibly to be re-added later in the correct form to return actual
ground level)
Make mgvalleys flag names consistent with other mapgens
Remove now unused 'vertical spawn range' setting
Fixes bug for which commit
6c37e89f08f962eaba788a31f5d3c798ceaa65e6 "Fix old client showing duplicated health bar on new server"
by @sapier
laid the groundwork, where the server has
updated its copy of the hud flags without
respecting the mask.
Fixes#3395.
Fix regression of commit
5e507c9829942c434a6f1ae7a4f3a488c7e50bef "Add server side ncurses terminal"
which allowed all players, even those without a shout priv, to chat.
Fixes#3362.
Fix regression of commit
5e507c9829942c434a6f1ae7a4f3a488c7e50bef "Add server side ncurses terminal"
where no line termination character was printed after a
lua print outside of terminal mode.
Fixes#3350.
This adds a chat console the server owner can use for administration
or to talk with players.
It runs in its own thread, which makes the user interface immune to
the server's lag, behaving just like a client, except timeout.
As it uses the same console code as the f10 console, things like nick
completion or a scroll buffer basically come for free.
The terminal itself is written in a general way so that adding a
client version later on is just about implementing an interface.
Fatal errors are printed after the console exists and the ncurses
terminal buffer gets cleaned up with endwin(), so that the error still
remains visible.
The server owner can chose their username their entered text will
have in chat and where players can send PMs to.
Once the username is secured with a password to prevent anybody to
take over the server, the owner can execute admin tasks over the
console.
This change includes a contribution by @kahrl who has improved ncurses
library detection.
It isn't possible to use atomic operations for floats, so don't use them there.
Having a lock is good out of other reasons too, because this way the float time
and the integer time both match, and can't get different values in a race,
e.g. when two setTimeofDay() get executed simultaneously.
Previously, the server called FATAL_ERROR when a Lua error occured.
This caused a (mostly useless) core dump.
The server now simply throws an exception, which is caught and printed before
exiting with a non-zero return value.
This also fixes a number of instances where errors were logged multiple times.
Increase default from 6 to 16 to help with mgv7 and mgfractal
Large-scale or alternative mapgens can result in a lowland spawn point not
being found, causing a spawn at (0, 0, 0) possibly buried underground
The max height is now settable to allow correct player spawn
in any mapgen or when using custom noise parameters
-> Put access to time variables under the time lock.
-> Merge both time locks, there is no point to have two locks.
-> Fix the lock being released too early in Environment::setTimeOfDay
-> Add serverside getter so that you don't have to get
the environment if you only have the server