Archiviert
13
0
Commit graph

715 Commits

Autor SHA1 Nachricht Datum
Kristian
867afe29f7 Minecraft 1.5.1 seems to work fine. 2013-04-07 15:57:38 +02:00
Kristian
3ee38d7b6d Arbitrary code execution is very dangerous. Limit to debug mode.
The filter command allows users with sufficient permission (or OPs) to
execute arbitrary JavaScript (no sandboxing). This is fine for a
debug and testing, but could potentially be exploited in a
production environment. 

Instead, we disable this command by default and force users to enable it
specifically in the configuration file (not through commands). If
someone has access to the config.yml file, they probably also have
access to the plugins/ folder and thus the ability to install plugins
with arbitrary code execution as well.
2013-04-07 15:57:01 +02:00
Kristian
15980d70fb Added a simple filter system that utilizes JavaScript (Rhino)
This makes it possible to filter packet events with arbitrary code.
2013-04-07 15:33:19 +02:00
Kristian S. Stangeland
5720994a31 Merge remote-tracking branch 'origin/master' 2013-04-02 14:30:14 +02:00
Kristian S. Stangeland
22beae23e0 Retrieve the correct Nbt base class 2013-04-02 14:28:34 +02:00
Kristian S. Stangeland
fb441b4910 Retrieve the correct Minecraft superclass 2013-04-02 14:12:36 +02:00
Kristian S. Stangeland
9a34036d14 Improve Minecraft class detection 2013-04-02 13:55:18 +02:00
Kristian Stangeland
27da638a91 Update the player instance on login (LOWEST), not HIGHEST.
Should ensure that packet listeners recieve the most up-to-date player
instance, regardless of whether or not the main thread is blocked in the
player listener. No more temporary players.
2013-03-28 22:27:58 -04:00
Kristian Stangeland
b3322b35c1 Prevent ConcurrentModifcationExceptions.
See http://pastebin.com/UBvGSFs9/
2013-03-28 21:58:06 -04:00
Kristian S. Stangeland
a43428c2c4 No need to create the dependency reduced POM 2013-03-23 15:45:57 +01:00
Kristian S. Stangeland
d643690eef Added a small patch for Libigot. 2013-03-21 02:10:30 +01:00
Kristian S. Stangeland
310fd18e89 Ignore players that have logged out and have not been injected. 2013-03-17 23:55:08 +01:00
Kristian S. Stangeland
da0bcaa482 Seems to pass all the preliminary tests. 2013-03-13 23:59:13 +01:00
Kristian S. Stangeland
ed9b61fd11 Use an atomic reference array instead of ConcurrentHashMap for listeners 2013-03-12 02:33:35 +01:00
Kristian S. Stangeland
e3cfa45607 Ensure that monitor listeners cannot modify a packet event. 2013-03-12 02:02:36 +01:00
Kristian S. Stangeland
1bd0db20ce Invoke MONITOR listeners, even if we are bypassing normal listeners. 2013-03-12 01:16:07 +01:00
Kristian S. Stangeland
3c97cffc09 After Minecraft 1.4.4, CraftBukkit no longer redirects MAP_CHUNK.
We can therefore relax the requirements in NetworkFieldInjector and
NetworkObjectInjetor.
2013-03-12 00:52:09 +01:00
Kristian S. Stangeland
a798147e71 Correctly override SpoutPlugin's sendPacket method. 2013-03-10 18:52:41 +01:00
Kristian S. Stangeland
e8f5bce3d5 Update JavaDoc for 2.3.0 2013-03-05 17:07:09 +01:00
Kristian S. Stangeland
ef334aff50 Merge branch 'master' into gh-pages 2013-03-05 16:59:29 +01:00
Kristian S. Stangeland
9b3893b807 Useless changes. 2013-03-05 16:59:22 +01:00
Kristian S. Stangeland
4406cdb571 Increment to version 2.3.0 2013-03-05 16:51:08 +01:00
Kristian S. Stangeland
9a16143c89 Small documentation fix. 2013-03-05 16:50:59 +01:00
Kristian S. Stangeland
9f6b4b60e3 Don't overwrite an existing player injector in net login. 2013-03-04 16:54:54 +01:00
Kristian S. Stangeland
b1b6e9ec20 In blocking hash map, don't remove locks if the value has been replaced 2013-03-04 13:29:46 +01:00
Kristian S. Stangeland
6019ab177c Create a dummy injector if we haven't yet injected the player. 2013-03-04 00:44:09 +01:00
Kristian S. Stangeland
d387b2d792 Improve client packet interception by about 37%. 2013-03-03 14:49:20 +01:00
Kristian S. Stangeland
2985dc9cf8 Be less picky over what packets to subclass. FIXES Ticket-49 2013-02-28 22:30:37 +01:00
Kristian S. Stangeland
8388a77f0b Catch ConnectExceptions - they are not serious. 2013-02-28 22:07:53 +01:00
Kristian S. Stangeland
2e0acd3a78 Increment version to 2.2.4-SNAPSHOT 2013-02-28 02:15:22 +01:00
Kristian S. Stangeland
d60ab3e953 Identify player connections by socket address.
It's the only thing that will not not be removed when a
network manager closes, making it relatively safe to block on.
2013-02-28 01:39:49 +01:00
Kristian S. Stangeland
fbfbd28bea We might revert this some other time, if we need to support other JVMs 2013-02-27 01:15:06 +01:00
Kristian S. Stangeland
c7737ca96e It's an injector container. 2013-02-27 01:10:21 +01:00
Kristian S. Stangeland
c32d225ef3 Use socket as key instead of input stream. 2013-02-27 01:09:22 +01:00
Kristian S. Stangeland
56807cbd3a Don't throw a NullPointerException if the injection fails. 2013-02-26 19:14:40 +01:00
Kristian S. Stangeland
3357fd6c9c Fix NPE in CleanupStaticMembers.
Determine if this is really necessary. No point cleanup up after
yourself in a sewer.
2013-02-26 13:37:33 +01:00
Kristian S. Stangeland
7968f1ce4f Incremented to 2.2.3-SNAPSHOT 2013-02-26 01:24:20 +01:00
Kristian S. Stangeland
575248063d Attempt to correct a NPE due to a NULL socket. 2013-02-26 01:23:54 +01:00
Kristian S. Stangeland
2cf265f8e8 Switch to a better InputStream -> Socket lookup for normal JVM. 2013-02-25 22:12:18 +01:00
Kristian S. Stangeland
9195e677ab Essentially, it's a lookup for a player's input stream.
Or: InputStream -> PlayerInjector -> Player.
2013-02-25 20:32:27 +01:00
Kristian S. Stangeland
8c2f6bddd8 Moved classes that inject into the server thread to a separate package 2013-02-25 20:28:57 +01:00
Kristian S. Stangeland
89d2604ce2 We cannot support plugin reloaders (PlugMan, PluginManagers).
This is because multiple plugins depend on us, and are not properly 
notified after ProtocolLib has been reloaded.

The only possible solution is to reload every dependent plugin after 
ProtocolLib has been reloaded, but unfortunately, I ran into
LinkageErrors when I tried it. So it's probably not possible with the
current architecture to support reloaders.

Instead, we'll simply print a BIG BOLD warning telling any users of
these plugins that ProtocolLib cannot be reloaded except through the
built in "/reload" command.
2013-02-25 14:38:53 +01:00
Kristian S. Stangeland
df4542017a Increment to 2.2.2-SNAPSHOT 2013-02-25 02:00:15 +01:00
Kristian S. Stangeland
ffd920e5b2 Experimental: InputStream -> Socket lookup by intercepting accept().
Previously, we have used a BlockingHashMap to simply lock the packet
read thread until we have had a chance to intercept the
NetLoginHandler/PendingConnection and store InputStream ->
PlayerInjector -> TemporaryPlayer. 

Problem is, this could potentially cause problems if, for some reason, a
packet is intercepted after the player has logged out and the player
injector has been removed from the lookup map. In that case, the read
thread would wait until it reaches the default timeout of 2 seconds.
Locking threads is fairly inefficient in general, and waiting for the
server connection thread to update the NetLoginHandler list could take a
while.

Instead, ProtocolLib will now intercept any Socket accepted in the
server's main ServerSocket, and record any calls to getInputStream().
That way, we can get a InputStream -> Socket mapping before the server
thread ever creates the read and write threads in NetLoginHandler ->
NetworkManager.

Unfortunately, it's not trivial to swap out the ServerSocket in the
DedicatedServerConnectionThread - we actually have to trigger the
accept() thread and move through a cycle of the loop before our custom 
ServerSocket is used. To do this, we will actually connect to the server
and read its MOTD manually, hopefully getting to it before any other
players. 

This creates a slight overhead of a couple of threads per server start,
but it's probably much better than locking the read thread. More testing
is needed though before this can be confirmed.
2013-02-25 01:59:48 +01:00
Kristian S. Stangeland
9b0fe540c2 Fixed a couple of bugs discovered by FindBugs. 2013-02-19 17:25:59 +01:00
Kristian S. Stangeland
bf443be0d3 Add the ability to read arbitrary objects.
Perhaps NbtBase shouldn't have implemented getValue() after all - it
would have been better to have a shared base interface with getName()
and getType(), and only let the primitive elements implement getValue().

Too late to change it now though.
2013-02-18 15:49:30 +01:00
Kristian S. Stangeland
61ae40b936 NbtCompound can now accepts arbitrary primitive, list or map objects. 2013-02-18 13:27:41 +01:00
Kristian S. Stangeland
e919056f9b Provide a remove method in NbtCompound. Discourage getValue().
Added a missing remove method in NbtCompound. In addition, the
getValue() method in NbtCompount has been depreciated. It is far better
to use the put and get methods in NbtCompound instead.
2013-02-17 02:32:14 +01:00
Kristian S. Stangeland
8c0a671078 Correctly print the content of map objects in packets. 2013-02-16 12:33:14 +01:00
Kristian S. Stangeland
3ae10d9123 Retry again if the hack isn't ready. 2013-02-14 20:14:34 +01:00