From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Spottedleaf Date: Sat, 1 Jan 2022 05:19:37 -0800 Subject: [PATCH] Validate usernames diff --git a/src/main/java/com/destroystokyo/paper/PaperConfig.java b/src/main/java/com/destroystokyo/paper/PaperConfig.java index 609f7ff543353ede53dc46dafc5a2fd0b0622cd8..32f258997face08c20d787b5a9534cb8f3ae4906 100644 --- a/src/main/java/com/destroystokyo/paper/PaperConfig.java +++ b/src/main/java/com/destroystokyo/paper/PaperConfig.java @@ -493,6 +493,12 @@ public class PaperConfig { set("settings.unsupported-settings.allow-tnt-duplication", null); } + public static boolean performUsernameValidation; + private static void performUsernameValidation() { + performUsernameValidation = getBoolean("settings.unsupported-settings.perform-username-validation", true); + } + + public static int playerAutoSaveRate = -1; public static int maxPlayerAutoSavePerTick = 10; private static void playerAutoSaveRate() { diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java index f5c1dff1d571e89f960f11400edbcbbea0620575..7065aa4522431d08018fec8e591ba7c255398140 100644 --- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java +++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java @@ -61,6 +61,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener private ServerPlayer delayedAcceptPlayer; public String hostname = ""; // CraftBukkit - add field private int velocityLoginMessageId = -1; // Paper - Velocity support + public boolean iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation = false; // Paper - username validation overriding public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) { this.state = ServerLoginPacketListenerImpl.State.HELLO; @@ -226,11 +227,39 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener // Paper end } + // Paper start - validate usernames + public static boolean validateUsername(String in) { + if (in == null || in.isEmpty() || in.length() > 16) { + return false; + } + + for (int i = 0, len = in.length(); i < len; ++i) { + char c = in.charAt(i); + + if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) { + continue; + } + + return false; + } + + return true; + } + // Paper end - validate usernames + @Override public void handleHello(ServerboundHelloPacket packet) { Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]); this.gameProfile = packet.getGameProfile(); Validate.validState(ServerLoginPacketListenerImpl.isValidUsername(this.gameProfile.getName()), "Invalid characters in username", new Object[0]); + // Paper start - validate usernames + if (com.destroystokyo.paper.PaperConfig.isProxyOnlineMode() && com.destroystokyo.paper.PaperConfig.performUsernameValidation) { + if (!this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation && !validateUsername(this.gameProfile.getName())) { + ServerLoginPacketListenerImpl.this.disconnect("Failed to verify username!"); + return; + } + } + // Paper end - validate usernames if (this.server.usesAuthentication() && !this.connection.isMemoryConnection()) { this.state = ServerLoginPacketListenerImpl.State.KEY; this.connection.send(new ClientboundHelloPacket("", this.server.getKeyPair().getPublic().getEncoded(), this.nonce)); diff --git a/src/main/java/net/minecraft/server/players/PlayerList.java b/src/main/java/net/minecraft/server/players/PlayerList.java index 639670e7570beec3dba24b348bc3da0ce0231393..0766abd7334bc76b57fd509c8890701704aa217c 100644 --- a/src/main/java/net/minecraft/server/players/PlayerList.java +++ b/src/main/java/net/minecraft/server/players/PlayerList.java @@ -707,7 +707,7 @@ public abstract class PlayerList { for (int i = 0; i < this.players.size(); ++i) { entityplayer = (ServerPlayer) this.players.get(i); - if (entityplayer.getUUID().equals(uuid)) { + if (entityplayer.getUUID().equals(uuid) || (com.destroystokyo.paper.PaperConfig.isProxyOnlineMode() && entityplayer.getGameProfile().getName().equalsIgnoreCase(gameprofile.getName()))) { // Paper - validate usernames list.add(entityplayer); } }