Jump to content
Sign in to follow this  
-Total-

How to configure your dedicated server so it prevents ACE users joining

Recommended Posts

Our server does not run ACE and we do not want it to.

Disclaimer before I go further - I think ACE is a wonderful community mod. I really enjoyed it in ArmA 1. The frequent updates though can cause problems in having different versions trying to join as well as the fact that I am the admin of a shared IP server. The frequent ACE updates (which show they're working on it - that's good) make it hell for me to keep it updated.

Unfortunately, people joining with the ACE mod installed are causing issues with out server. People without ACE getting "ACE" file errors, the RPT file getting alrger than it should, and JIP who has ACE along with certain other mods can cause the server to hang or reset.

I know I can set verifySignatures to 1 in the config file, but I don't want to keep those who aren't running ACE, but are running addons that we don't from joining.

I also don't want to fill up my keys directory with every addon key from armaholic.

Is there a way to specify that is a player is running certain addons that the server will prevent from joining?

Edited by -Total-

Share this post


Link to post
Share on other sites

I also don't want to fill up my keys directory with every addon key from armaholic.

Shouldnt harm to do it this way buddy (its just the time involved, but im guessing that theres only a few that you really need,).,,, but I also would be interested to know if whay you propose is possible.......

Share this post


Link to post
Share on other sites

If every item at armaholic has a key, then that's 407 keys I'd have to load minus one for ACE.

Not a feasible solution. That's 400KB the server has to go through on each JIP.

I don't want to exclude anyone tho. If ACE didn't cause the problems on non-ACE servers, it would be an issue.

Warning Message: No entry 'bin\config.bin/CfgWeapons.ACE_Earplugs'.

Warning Message: Error: creating weapon ACE_Earplugs with scope=private

Cannot create non-ai vehicle ACE_ArtyShellCrater,

Warning Message: No entry 'bin\config.bin/CfgMagazines.ACE_M136_Used'.

Warning Message: Error: creating magazine ACE_M136_Used with scope=private

To name a few. Also ones with Sungalasses, bandages, etc

As soon as someone with ACE joins, I can watch my RPT file start growing on each refresh. It's ridiculous. It's a great mod, but just not friendly to those of us who do not wish to use it.

Edited by -Total-

Share this post


Link to post
Share on other sites
If every item at armaholic has a key, then that's 407 keys I'd have to load minus one for ACE.

Not a feasible solution. That's 400KB the server has to go through on each JIP.

Agreed not a feasible solution to have them all.. but I was just thinking of the More popular ones....... ..... sound mods etc.... Only as a temp solution until a better one comes along....

If we could have a decent way of putting messages on our servers in the multiplayer screen would be a better way..... NO ACE MODS ALLOWED should be all it would take.... but thats another story :( its a shame that the Rcon control didnt have somthing..... similar to the MaxPing feature.... Modsnotallowed = ACE :) ....

Share this post


Link to post
Share on other sites

I'm an admin for a server that also was having problems with ACE, but didn't want to stop players using other addons from joining. The solution that I came up with and have been using for a month or two now is to turn on verify signatures and then use server side scripting to modify what happens when a addon that the server doesn't have the key for is detected.

In the server's config file the onUnsignedData event handler looks like this, basically when the server detects an addon that it doesn't have a key for it checks the directory of the addon if the directory starts with @ACE\ then the player is kicked. For all other addons (including the ACE sound mod) the player is let in.

onUnsignedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(name_test==""@ACE\"")then{kick (_this select 0);}else{unsigned set [(count unsigned),[(_this select 0),(_this select 1)]];};";

Now the version above also stores the names of all the other addons in a (previously created) array for the admin to look at, at any time, but obviously not everyone is going to want to do this. Below is a version that just searches for ACE and then kicks players who are using it.

onUnsignedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(name_test==""@ACE\"")then{kick (_this select 0);};";

There are a couple of drawbacks to this script, but neither causes any real problems. The first one is that it relies on ACE being installed in the ACE directory, but as ACE is installed by the six updater this shouldn't be a problem. The other drawback is that all players that use addons that the server doesn't have a key for still receive the message about their use of unsigned addons, but once they click ok they're allowed to play on the server.

Share this post


Link to post
Share on other sites

That only seems to compare for the first 5 characters, not the whole mod string. What if a player had -mod=@cba;@ace? I see the addon sync servers for ACE have @cba loaded first so it's probably quite common too. Lower case letters as well.

Share this post


Link to post
Share on other sites

True the script does only check the first five characters, but that is all it needs to check. This is because it is not checking the client's mod parameter, it is checking the directory where the mod is installed. :)

For every PBO that the server doesn't have a key for it fires off the onUnsignedData event handler. It passes an array containing the id of the player who has the unsigned data and the directory and file name of the PBO it found, an example of which can be seen below.

[5,"@ACE\AddOns\somefile.pbo"]

For more information see the BI Wiki Server Side Scripting page.

Share this post


Link to post
Share on other sites

Total, I'm with you on this. ACE2 is good, but it's too much hard work for server admins.

I'm going to try out Trit's solution.

---------- Post added at 10:26 AM ---------- Previous post was at 09:11 AM ----------

This isn't working for me, can anyone help?

I turned on sg checking and put in the second line of code that trit showed, but the server shows a red dot in the browser. I don't have ACE installed.

Do I need to have keys on the server and bisigns on my client for every addon I have installed?

Share this post


Link to post
Share on other sites

Using ACE v1.0 instead of beta dev keeps you out of the updating nightmare.

Now that a stable 1.0 is out, why not use it?

Share this post


Link to post
Share on other sites
Now that a stable 1.0 is out, why not use it?

Because I don't want to, but you're offtopic here.

Share this post


Link to post
Share on other sites

I was addressing this

ACE2 is good, but it's too much hard work for server admins.
which is wrong once you use the official stable release of ACE2. Not a stab at you, btw, I'm just pointing out that there are stable version of ACE2 that do not require regular updates, and you may want to reconsider your position about ACE if solely based on update difficulty

Anyway, just to clarify :

* Server is NOT running ACE

* Server has no ACE key

all true?

Share this post


Link to post
Share on other sites
I was addressing this which is wrong once you use the official stable release of ACE2. Not a stab at you, btw, I'm just pointing out that there are stable version of ACE2 that do not require regular updates, and you may want to reconsider your position about ACE if solely based on update difficulty

It's not just about the updates. Primarily, I started developing a mission months ago, before ACE2 was stable and to ACE2'ify it now would be too much work.

Anyway, just to clarify :

* Server is NOT running ACE

* Server has no ACE key

all true?

Yes to both. The server has never had ACE or it's keys.

Share this post


Link to post
Share on other sites

Well, the red dot is only indicative of difference between .bisign of your loaded addons, and keys on server. If the server-side scripting lets you in, you should still be able to connect

Apart from the red dot, are you able to join in?

Other Q : are your addons unsigned, or signed by a key not present on server? The above script only address the former addon-type, because it's set on onUnsignedData

Share this post


Link to post
Share on other sites
Well, the red dot is only indicative of difference between .bisign of your loaded addons, and keys on server. If the server-side scripting lets you in, you should still be able to connect

Apart from the red dot, are you able to join in?

Other Q : are your addons unsigned, or signed by a key not present on server? The above script only address the former addon-type, because it's set on onUnsignedData

Grrrr. Now I'm getting different results. :(

Server ONLY has bi.bikey and client has no bisigns and sure enough, red light, but it now I can join and get the message addons etc don;t have sigs accepted by this server etc etc.

That's the expected result, I assume?

edit2*** And now if I add a dummy @ACE and @ACEX folder to my client side addons, I do actually get kicked. That's excellent! Now to work out how to get the server to allow all the rest of the addons _without_ installing keys

---------- Post added at 04:01 PM ---------- Previous post was at 03:45 PM ----------

If I start my client with no addons, I get a green light. Excellent!

If I start my client with my normal set of addons (some PROPER mods, gachopins H53, Warfx and JTD Fire&Smoke(No bikeys or bisigns)) it gives me the big warning message, lets me click OK and then stalls. Expected behaviour?

Edited by Tankbuster

Share this post


Link to post
Share on other sites

It seems indeed that verifySignatures must be set to 1.

If I add to the server config:

onUnsignedData = "a = 1;";
onDifferentData = "b = 1;";
onHackedData = "c = 1;";

Then when I join (with ACE enabled) the server, it will warn me; hey these bunch of ace addons are not accepted by server, however when I click okay.. I remain in the server!

(If I remove a = 1; etc, I will be kicked again).

Changing it to:

onUnsignedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(name_test==""@ACE\"")then{kick (_this select 0);};";
onDifferentData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(name_test==""@ACE\"")then{kick (_this select 0);};";
onHackedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(name_test==""@ACE\"")then{kick (_this select 0);};";

Seems to provide the exact functionality as wished for.

We should add a CIT suggestion for BIS to expose diag_log in the ServerSide VM :D

Edited by Sickboy

Share this post


Link to post
Share on other sites

I can't make this work. :(

I've made a fake @ACE install. I have @ACE, @ACEX, @ACEX_PLA and @ACE_SM folders and they are called by the desktop shortcut.

It complains about unsigned addons (I added bisgns and bikeys for CBA to test, works fine) but it still lets me join with these ACE folders in.

Share this post


Link to post
Share on other sites

You using the 3 last lines I added? Any errors in rpt? Linux/Win?

Ah, the issue is the 'fake' folders. It will only trigger on a real addon inside the folder :)

Share this post


Link to post
Share on other sites

Yes I used the last 3 lines, the name_test to array ones.

It's checking for genuine ACE installs? The OP was only checking for the presence of the named folder. I'll install ACE and try again. Thanks SB.

Share this post


Link to post
Share on other sites

No worries! Any (non signature accepted) PBO is fine though.

Share this post


Link to post
Share on other sites

Oh, I see, so my @ACE directories can have (inside an AddOns directory) any old unsigned PBO? Not necessarily the genuine ACE content...

Maybe I'll put aside my prejudices and have another go at ACE and the SIXU while am about this testing. :)

---------- Post added at 08:59 PM ---------- Previous post was at 07:06 PM ----------

ACE installed via SIX updater and behaviour is unchanged. It mentions all the unsigned addons, including the ACE ones, but clicking continue lets me join and play. :(

Share this post


Link to post
Share on other sites

hmmm, linux or windows, im testing with windows, 1.05. Will give the beta a spin now.

Share this post


Link to post
Share on other sites
Server is windows.

Copy, just finished test with beta, works fine too for me.

My results somehow are exactly as expected: when addons are detected in @ace the user is kicked, however joining for example with @cba is allowed.

This is the exact code im using in the server.cfg loaded with -config

http://www.pastie.org/978737

If I change them to the onUnsignedData = "a = 1"; etc I get the same behaviour as you; can just play.

Upd Actually I just updated the pastie, with toLower and @ace in lowercase, perhaps there's something in that?

Edited by Sickboy

Share this post


Link to post
Share on other sites

It's working! I used the lines from your pastie and it started working.

Many thanks mate.

Share this post


Link to post
Share on other sites
It's working! I used the lines from your pastie and it started working.

Many thanks mate.

No problem, glad you have a solution to your problem now :)

Oh and of course many thanks to the original author of the snippet; MSG Trit :)

Edited by Sickboy

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×