testserver/patches/server/0820-Validate-usernames.patch

88 lines
4.6 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Spottedleaf <Spottedleaf@users.noreply.github.com>
Date: Sat, 1 Jan 2022 05:19:37 -0800
Subject: [PATCH] Validate usernames
diff --git a/src/main/java/com/destroystokyo/paper/PaperConfig.java b/src/main/java/com/destroystokyo/paper/PaperConfig.java
index a1e36435187a51d2fe100945b90f409b8f9305c1..6706e502a068766e2eff3f790bbca004698932d1 100644
--- a/src/main/java/com/destroystokyo/paper/PaperConfig.java
+++ b/src/main/java/com/destroystokyo/paper/PaperConfig.java
@@ -491,6 +491,12 @@ public class PaperConfig {
set("settings.unsupported-settings.allow-tnt-duplication", null);
}
+ public static boolean performUsernameValidation;
+ private static void performUsernameValidation() {
+ performUsernameValidation = getBoolean("settings.unsupported-settings.perform-username-validation", true);
+ }
+
+
public static int playerAutoSaveRate = -1;
public static int maxPlayerAutoSavePerTick = 10;
private static void playerAutoSaveRate() {
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
index 38521660c6fa7c1a19c5268dac05928b5ec983f4..221f32e034ccb57907f79bae4ecec324e9cdb14e 100644
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
@@ -71,6 +71,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener
private ProfilePublicKey playerProfilePublicKey;
public String hostname = ""; // CraftBukkit - add field
private int velocityLoginMessageId = -1; // Paper - Velocity support
+ public boolean iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation = false; // Paper - username validation overriding
public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) {
this.state = ServerLoginPacketListenerImpl.State.HELLO;
@@ -263,10 +264,38 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener
}
}
+ // Paper start - validate usernames
+ public static boolean validateUsername(String in) {
+ if (in == null || in.isEmpty() || in.length() > 16) {
+ return false;
+ }
+
+ for (int i = 0, len = in.length(); i < len; ++i) {
+ char c = in.charAt(i);
+
+ if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) {
+ continue;
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+ // Paper end - validate usernames
+
@Override
public void handleHello(ServerboundHelloPacket packet) {
Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]);
Validate.validState(ServerLoginPacketListenerImpl.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]);
+ // Paper start - validate usernames
+ if (com.destroystokyo.paper.PaperConfig.isProxyOnlineMode() && com.destroystokyo.paper.PaperConfig.performUsernameValidation) {
+ if (!this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation && !validateUsername(packet.name())) {
+ ServerLoginPacketListenerImpl.this.disconnect("Failed to verify username!");
+ return;
+ }
+ }
+ // Paper end - validate usernames
try {
this.playerProfilePublicKey = ServerLoginPacketListenerImpl.validatePublicKey(packet, this.server.getServiceSignatureValidator(), this.server.enforceSecureProfile());
diff --git a/src/main/java/net/minecraft/server/players/PlayerList.java b/src/main/java/net/minecraft/server/players/PlayerList.java
index ac9ee7f574f9b6c5e9c9368e54928e47ca62fb24..6951b8e320dcea2c2ce4271ed03a20c729ff503b 100644
--- a/src/main/java/net/minecraft/server/players/PlayerList.java
+++ b/src/main/java/net/minecraft/server/players/PlayerList.java
@@ -707,7 +707,7 @@ public abstract class PlayerList {
for (int i = 0; i < this.players.size(); ++i) {
entityplayer = (ServerPlayer) this.players.get(i);
- if (entityplayer.getUUID().equals(uuid)) {
+ if (entityplayer.getUUID().equals(uuid) || (com.destroystokyo.paper.PaperConfig.isProxyOnlineMode() && entityplayer.getGameProfile().getName().equalsIgnoreCase(gameprofile.getName()))) { // Paper - validate usernames
list.add(entityplayer);
}
}