From 9227a9648c4172b2f201b1d7674607ae9d09701b Mon Sep 17 00:00:00 2001 From: Owen1212055 <23108066+Owen1212055@users.noreply.github.com> Date: Wed, 6 Dec 2023 20:26:58 -0500 Subject: [PATCH] Clean up username validation logic --- patches/server/0738-Validate-usernames.patch | 69 ++++++++++--------- ...Hostname-to-AsyncPlayerPreLoginEvent.patch | 4 +- ...5-Add-Velocity-IP-Forwarding-Support.patch | 8 +-- 3 files changed, 41 insertions(+), 40 deletions(-) diff --git a/patches/server/0738-Validate-usernames.patch b/patches/server/0738-Validate-usernames.patch index 7ce986ccde..39e337ef3e 100644 --- a/patches/server/0738-Validate-usernames.patch +++ b/patches/server/0738-Validate-usernames.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Validate usernames diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java -index 0c4fb4a7d4fcdc6d724beb13a16bd729a3c525cd..20ba13c06edf125ba216d1ca8794868abcd8f916 100644 +index 0c4fb4a7d4fcdc6d724beb13a16bd729a3c525cd..fa6c77391ac40f86e1b679ef21f4ee43177857c8 100644 --- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java +++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java @@ -63,6 +63,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, @@ -16,42 +16,12 @@ index 0c4fb4a7d4fcdc6d724beb13a16bd729a3c525cd..20ba13c06edf125ba216d1ca8794868a public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) { this.state = ServerLoginPacketListenerImpl.State.HELLO; -@@ -134,10 +135,38 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, - return this.requestedUsername != null ? this.requestedUsername + " (" + s + ")" : s; - } - -+ // Paper start - validate usernames -+ public static boolean validateUsername(String in) { -+ if (in == null || in.isEmpty() || in.length() > 16) { -+ return false; -+ } -+ -+ for (int i = 0, len = in.length(); i < len; ++i) { -+ char c = in.charAt(i); -+ -+ if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) { -+ continue; -+ } -+ -+ return false; -+ } -+ -+ return true; -+ } -+ // Paper end - validate usernames -+ +@@ -137,7 +138,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, @Override public void handleHello(ServerboundHelloPacket packet) { Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]); - Validate.validState(Player.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]); -+ // Paper start - validate usernames -- TODO: Do we need this? -+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation) { -+ if (!this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation && !validateUsername(packet.name())) { -+ ServerLoginPacketListenerImpl.this.disconnect("Failed to verify username!"); -+ return; -+ } -+ } -+ // Paper end - validate usernames +- Validate.validState(Player.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]); ++ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation && !this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation) Validate.validState(Player.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]); // Paper - config username validation this.requestedUsername = packet.name(); GameProfile gameprofile = this.server.getSingleplayerProfile(); @@ -68,3 +38,34 @@ index 30ad9f878d0b76c6bef594448c3122d614a7aa8c..147fed3b3f0b052bc2892eaf001f0fb5 list.add(entityplayer); } } +diff --git a/src/main/java/net/minecraft/world/entity/player/Player.java b/src/main/java/net/minecraft/world/entity/player/Player.java +index bce494bb7bc1ce20809ac7d355f04aa7aad78308..7a984f531d3ebb6e055f07227b2ef8247fb3a842 100644 +--- a/src/main/java/net/minecraft/world/entity/player/Player.java ++++ b/src/main/java/net/minecraft/world/entity/player/Player.java +@@ -2340,9 +2340,23 @@ public abstract class Player extends LivingEntity { + } + + public static boolean isValidUsername(String name) { +- return name.length() > 16 ? false : name.chars().filter((i) -> { +- return i <= 32 || i >= 127; +- }).findAny().isEmpty(); ++ // Paper start ++ if (name == null || name.isEmpty() || name.length() > 16) { ++ return false; ++ } ++ ++ for (int i = 0, len = name.length(); i < len; ++i) { ++ char c = name.charAt(i); ++ ++ if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) { ++ continue; ++ } ++ ++ return false; ++ } ++ ++ return true; ++ // Paper end + } + + public static float getPickRange(boolean creative) { diff --git a/patches/server/0746-Added-getHostname-to-AsyncPlayerPreLoginEvent.patch b/patches/server/0746-Added-getHostname-to-AsyncPlayerPreLoginEvent.patch index 633d55f59f..185664caf6 100644 --- a/patches/server/0746-Added-getHostname-to-AsyncPlayerPreLoginEvent.patch +++ b/patches/server/0746-Added-getHostname-to-AsyncPlayerPreLoginEvent.patch @@ -5,10 +5,10 @@ Subject: [PATCH] Added getHostname to AsyncPlayerPreLoginEvent diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java -index 20ba13c06edf125ba216d1ca8794868abcd8f916..5c767318ff3f589ecebb9608ce173fa578e330a5 100644 +index fa6c77391ac40f86e1b679ef21f4ee43177857c8..d52d3808a058b6eef57639f1d455986b9681f645 100644 --- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java +++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java -@@ -322,7 +322,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, +@@ -294,7 +294,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, // Paper start com.destroystokyo.paper.profile.PlayerProfile profile = com.destroystokyo.paper.profile.CraftPlayerProfile.asBukkitMirror(gameprofile); diff --git a/patches/server/0835-Add-Velocity-IP-Forwarding-Support.patch b/patches/server/0835-Add-Velocity-IP-Forwarding-Support.patch index 37a848e94f..81a27494b0 100644 --- a/patches/server/0835-Add-Velocity-IP-Forwarding-Support.patch +++ b/patches/server/0835-Add-Velocity-IP-Forwarding-Support.patch @@ -123,7 +123,7 @@ index 5264235c1547c78b8123e2efb07dcb77486cc5bf..db363bca264e37c29fda58291246aba0 DedicatedServer.LOGGER.warn("While this makes the game possible to play without internet access, it also opens up the ability for hackers to connect with any username they choose."); } diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java -index 5c767318ff3f589ecebb9608ce173fa578e330a5..83605748ca8cf68c0fc6d99c34f3091183c7a059 100644 +index d52d3808a058b6eef57639f1d455986b9681f645..89b3184be952fd0803520dd0f717f3acfc3cb496 100644 --- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java +++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java @@ -64,6 +64,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, @@ -134,7 +134,7 @@ index 5c767318ff3f589ecebb9608ce173fa578e330a5..83605748ca8cf68c0fc6d99c34f30911 public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) { this.state = ServerLoginPacketListenerImpl.State.HELLO; -@@ -177,6 +178,16 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, +@@ -149,6 +150,16 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, this.state = ServerLoginPacketListenerImpl.State.KEY; this.connection.send(new ClientboundHelloPacket("", this.server.getKeyPair().getPublic().getEncoded(), this.challenge)); } else { @@ -151,7 +151,7 @@ index 5c767318ff3f589ecebb9608ce173fa578e330a5..83605748ca8cf68c0fc6d99c34f30911 // Spigot start // Paper start - Cache authenticator threads authenticatorPool.execute(new Runnable() { -@@ -314,6 +325,12 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, +@@ -286,6 +297,12 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, public class LoginHandler { public void fireEvents(GameProfile gameprofile) throws Exception { @@ -164,7 +164,7 @@ index 5c767318ff3f589ecebb9608ce173fa578e330a5..83605748ca8cf68c0fc6d99c34f30911 String playerName = gameprofile.getName(); java.net.InetAddress address = ((java.net.InetSocketAddress) ServerLoginPacketListenerImpl.this.connection.getRemoteAddress()).getAddress(); java.net.InetAddress rawAddress = ((java.net.InetSocketAddress) ServerLoginPacketListenerImpl.this.connection.channel.remoteAddress()).getAddress(); // Paper -@@ -363,6 +380,49 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, +@@ -335,6 +352,49 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, @Override public void handleCustomQueryPacket(ServerboundCustomQueryAnswerPacket packet) {