PaperMC/patches/server/0790-Validate-usernames.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Spottedleaf <Spottedleaf@users.noreply.github.com>
Date: Sat, 1 Jan 2022 05:19:37 -0800
Subject: [PATCH] Validate usernames


diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
index dd599443c7197868eaa0708b4be26f1a341ce4e4..82b55548d4652ec0c25d3dc6da628573a9c9000a 100644
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
@@ -66,6 +66,7 @@ public class ServerLoginPacketListenerImpl implements TickablePacketListener, Se
     @Nullable
     private ProfilePublicKey.Data profilePublicKeyData;
     public String hostname = ""; // CraftBukkit - add field
+    public boolean iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation = false; // Paper - username validation overriding
 
     public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) {
         this.state = ServerLoginPacketListenerImpl.State.HELLO;
@@ -245,10 +246,38 @@ public class ServerLoginPacketListenerImpl implements TickablePacketListener, Se
         }
     }
 
+    // Paper start - validate usernames
+    public static boolean validateUsername(String in) {
+        if (in == null || in.isEmpty() || in.length() > 16) {
+            return false;
+        }
+
+        for (int i = 0, len = in.length(); i < len; ++i) {
+            char c = in.charAt(i);
+
+            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) {
+                continue;
+            }
+
+            return false;
+        }
+
+        return true;
+    }
+    // Paper end - validate usernames
+
     @Override
     public void handleHello(ServerboundHelloPacket packet) {
         Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]);
         Validate.validState(ServerLoginPacketListenerImpl.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]);
+        // Paper start - validate usernames
+        if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation) {
+            if (!this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation && !validateUsername(packet.name())) {
+                ServerLoginPacketListenerImpl.this.disconnect("Failed to verify username!");
+                return;
+            }
+        }
+        // Paper end - validate usernames
         this.profilePublicKeyData = (ProfilePublicKey.Data) packet.publicKey().orElse(null); // CraftBukkit - decompile error
         GameProfile gameprofile = this.server.getSingleplayerProfile();
 
diff --git a/src/main/java/net/minecraft/server/players/PlayerList.java b/src/main/java/net/minecraft/server/players/PlayerList.java
index 4277f7fdd8f27e57708a8dee59bf1b9052a1ebe4..133bf27e301aa5815cc7d7e275b2b08cdc6e4392 100644
--- a/src/main/java/net/minecraft/server/players/PlayerList.java
+++ b/src/main/java/net/minecraft/server/players/PlayerList.java
@@ -714,7 +714,7 @@ public abstract class PlayerList {
 
         for (int i = 0; i < this.players.size(); ++i) {
             entityplayer = (ServerPlayer) this.players.get(i);
-            if (entityplayer.getUUID().equals(uuid)) {
+            if (entityplayer.getUUID().equals(uuid) || (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && entityplayer.getGameProfile().getName().equalsIgnoreCase(gameprofile.getName()))) { // Paper - validate usernames
                 list.add(entityplayer);
             }
         }
Validate usernames 2022-01-01 14:48:17 +01:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Spottedleaf <Spottedleaf@users.noreply.github.com>`
			`Date: Sat, 1 Jan 2022 05:19:37 -0800`
			`Subject: [PATCH] Validate usernames`


			`diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java`
Only limit global sounds to same world if limiting radius (#8499) 2022-10-23 20:52:40 +02:00			`index dd599443c7197868eaa0708b4be26f1a341ce4e4..82b55548d4652ec0c25d3dc6da628573a9c9000a 100644`
Validate usernames 2022-01-01 14:48:17 +01:00			`--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java`
			`+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java`
Update modern forwarding to v3 (#8219) 2022-08-08 17:25:41 +02:00			`@@ -66,6 +66,7 @@ public class ServerLoginPacketListenerImpl implements TickablePacketListener, Se`
			`@Nullable`
More more more more more more work 2022-07-27 23:32:15 +02:00			`private ProfilePublicKey.Data profilePublicKeyData;`
Add unsupported field to disable username validation (#7350) * Add unsupported field to disable username validation * Add unsupported field to disable username validation 2022-01-18 04:52:47 +01:00			`public String hostname = ""; // CraftBukkit - add field`
			`+ public boolean iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation = false; // Paper - username validation overriding`

			`public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) {`
			`this.state = ServerLoginPacketListenerImpl.State.HELLO;`
Limit size of Authenticator Cache Thread Pool (#8360) 2022-09-17 23:58:51 +02:00			`@@ -245,10 +246,38 @@ public class ServerLoginPacketListenerImpl implements TickablePacketListener, Se`
More more more more more more more more more patches 2022-06-08 14:33:46 +02:00			`}`
Validate usernames 2022-01-01 14:48:17 +01:00			`}`

			`+ // Paper start - validate usernames`
			`+ public static boolean validateUsername(String in) {`
			`+ if (in == null \|\| in.isEmpty() \|\| in.length() > 16) {`
			`+ return false;`
			`+ }`
			`+`
			`+ for (int i = 0, len = in.length(); i < len; ++i) {`
			`+ char c = in.charAt(i);`
			`+`
Allow . in usernames 2022-01-01 20:50:44 +01:00			`+ if ((c >= 'a' && c <= 'z') \|\| (c >= 'A' && c <= 'Z') \|\| (c >= '0' && c <= '9') \|\| (c == '_' \|\| c == '.')) {`
Validate usernames 2022-01-01 14:48:17 +01:00			`+ continue;`
			`+ }`
			`+`
			`+ return false;`
			`+ }`
			`+`
			`+ return true;`
			`+ }`
			`+ // Paper end - validate usernames`
			`+`
			`@Override`
			`public void handleHello(ServerboundHelloPacket packet) {`
			`Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]);`
More more more more more more more more more patches 2022-06-08 14:33:46 +02:00			`Validate.validState(ServerLoginPacketListenerImpl.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]);`
Validate usernames 2022-01-01 14:48:17 +01:00			`+ // Paper start - validate usernames`
Move to configurate for paper.yml (#7609) 2022-06-09 10:51:45 +02:00			`+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation) {`
More more more more more more more more more patches 2022-06-08 14:33:46 +02:00			`+ if (!this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation && !validateUsername(packet.name())) {`
Validate usernames 2022-01-01 14:48:17 +01:00			`+ ServerLoginPacketListenerImpl.this.disconnect("Failed to verify username!");`
			`+ return;`
			`+ }`
			`+ }`
			`+ // Paper end - validate usernames`
More more more more more more work 2022-07-27 23:32:15 +02:00			`this.profilePublicKeyData = (ProfilePublicKey.Data) packet.publicKey().orElse(null); // CraftBukkit - decompile error`
			`GameProfile gameprofile = this.server.getSingleplayerProfile();`
More more more more more more more more more patches 2022-06-08 14:33:46 +02:00
Validate usernames 2022-01-01 14:48:17 +01:00			`diff --git a/src/main/java/net/minecraft/server/players/PlayerList.java b/src/main/java/net/minecraft/server/players/PlayerList.java`
Rewrite chunk system (#8177) Patch documentation to come Issues with the old system that are fixed now: - World generation does not scale with cpu cores effectively. - Relies on the main thread for scheduling and maintaining chunk state, dropping chunk load/generate rates at lower tps. - Unreliable prioritisation of chunk gen/load calls that block the main thread. - Shutdown logic is utterly unreliable, as it has to wait for all chunks to unload - is it guaranteed that the chunk system is in a state on shutdown that it can reliably do this? Watchdog shutdown also typically failed due to thread checks, which is now resolved. - Saving of data is not unified (i.e can save chunk data without saving entity data, poses problems for desync if shutdown is really abnormal. - Entities are not loaded with chunks. This caused quite a bit of headache for Chunk#getEntities API, but now the new chunk system loads entities with chunks so that they are ready whenever the chunk loads in. Effectively brings the behavior back to 1.16 era, but still storing entities in their own separate regionfiles. The above list is not complete. The patch documentation will complete it. New chunk system hard relies on starlight and dataconverter, and most importantly the new concurrent utilities in ConcurrentUtil. Some of the old async chunk i/o interface (i.e the old file io thread reroutes _some_ calls to the new file io thread) is kept for plugin compat reasons. It will be removed in the next major version of minecraft. The old legacy chunk system patches have been moved to the removed folder in case we need them again. 2022-09-26 10:02:51 +02:00			`index 4277f7fdd8f27e57708a8dee59bf1b9052a1ebe4..133bf27e301aa5815cc7d7e275b2b08cdc6e4392 100644`
Validate usernames 2022-01-01 14:48:17 +01:00			`--- a/src/main/java/net/minecraft/server/players/PlayerList.java`
			`+++ b/src/main/java/net/minecraft/server/players/PlayerList.java`
Re-arrange most chunk system patches to front (#8338) * Re-arrange most chunk system patches to front Co-authored-by: Spottedleaf <Spottedleaf@users.noreply.github.com> 2022-09-01 18:51:59 +02:00			`@@ -714,7 +714,7 @@ public abstract class PlayerList {`
Validate usernames 2022-01-01 14:48:17 +01:00
			`for (int i = 0; i < this.players.size(); ++i) {`
			`entityplayer = (ServerPlayer) this.players.get(i);`
			`- if (entityplayer.getUUID().equals(uuid)) {`
Move to configurate for paper.yml (#7609) 2022-06-09 10:51:45 +02:00			`+ if (entityplayer.getUUID().equals(uuid) \|\| (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && entityplayer.getGameProfile().getName().equalsIgnoreCase(gameprofile.getName()))) { // Paper - validate usernames`
Validate usernames 2022-01-01 14:48:17 +01:00			`list.add(entityplayer);`
			`}`
			`}`