Restore the check that makes sure mob paths start from their spawn point

This was added in 599bbedd and accidentally removed during the TableData
refactor in c960b062.

.github/workflows/check-builds.yaml

@@ -29,7 +29,7 @@ jobs:
           submodules: recursive
           fetch-depth: 0
       - name: Install dependencies
-        run: sudo apt install clang cmake snap -y && sudo snap install powershell --classic
+        run: sudo apt install clang cmake snap libsqlite3-dev -y && sudo snap install powershell --classic
       - name: Check compilation
         run: |
           $versions = "104", "728", "1013"
@@ -113,7 +113,7 @@ jobs:
 
   copy-artifacts:
     if: github.event_name != 'pull_request' && github.ref == 'refs/heads/master'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     needs: [windows-build, ubuntu-build]
     env:
       BOT_SSH_KEY: ${{ secrets.BOT_SSH_KEY }}

.github/workflows/push-docker-image.yml

@@ -11,11 +11,6 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-    strategy:
-      matrix:
-        platforms:
-          - linux/amd64
-          - linux/arm64
     steps:
       - uses: actions/checkout@v4
       - name: Retrieve major version
@@ -31,11 +26,13 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Build and push the Docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile
-          platforms: ${{ matrix.platforms }}
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ secrets.DOCKERHUB_REPOSITORY }}:${{ github.ref_name }},${{ secrets.DOCKERHUB_REPOSITORY }}:${{ steps.split.outputs._0 }},${{ secrets.DOCKERHUB_REPOSITORY }}:latest

Dockerfile

@@ -1,5 +1,5 @@
 # build
-FROM debian:stable-slim as build
+FROM debian:stable-slim AS build
 
 WORKDIR /usr/src/app
 
@@ -14,7 +14,7 @@ COPY vendor ./vendor
 COPY .git ./.git
 COPY Makefile CMakeLists.txt version.h.in ./
 
-RUN make -j8
+RUN make nosandbox -j$(nproc)
 
 # prod
 FROM debian:stable-slim
@@ -29,4 +29,8 @@ COPY sql ./sql
 
 CMD ["/bin/fusion"]
 
-LABEL Name=openfusion Version=0.0.2
+EXPOSE 23000/tcp
+EXPOSE 23001/tcp
+EXPOSE 8001/tcp
+
+LABEL Name=openfusion Version=1.6.0

Makefile

@@ -133,8 +133,8 @@ HDR=$(CHDR) $(CXXHDR)
 all: $(SERVER)
 
 windows: $(SERVER)
-
 nosandbox: $(SERVER)
+nolandlock: $(SERVER)
 
 # assign Windows-specific values if targeting Windows
 windows : CC=$(WIN_CC)
@@ -145,6 +145,7 @@ windows : LDFLAGS=$(WIN_LDFLAGS)
 windows : SERVER=$(WIN_SERVER)
 
 nosandbox : CFLAGS+=-DCONFIG_NOSANDBOX=1
+nolandlock : CFLAGS+=-DCONFIG_NOLANDLOCK=1
 
 .SUFFIXES: .o .c .cpp .h .hpp
 
@@ -167,7 +168,7 @@ version.h:
 
 src/main.o: version.h
 
-.PHONY: all windows nosandbox clean nuke
+.PHONY: all windows nosandbox nolandlock clean nuke
 
 # only gets rid of OpenFusion objects, so we don't need to
 # recompile the libs every time

config.ini

@@ -102,5 +102,8 @@ eventmode=0
 enabled=false
 # the port to listen for connections on
 port=8003
+# The local IP to listen on.
+# Do not change this unless you know what you're doing.
+listenip=127.0.0.1
 # how often the listeners should be updated (in milliseconds)
 interval=5000

docker-compose.yml

@@ -1,11 +1,9 @@
-version: '3.4'
-
 services:
   openfusion:
-    image: openfusion
     build:
       context: .
       dockerfile: ./Dockerfile
+    image: openfusion/openfusion:latest
     volumes:
       - ./config.ini:/usr/src/app/config.ini
       - ./database.db:/usr/src/app/database.db

src/MobAI.cpp

@@ -478,6 +478,14 @@ void MobAI::deadStep(CombatNPC* npc, time_t currTime) {
     if (self->groupLeader == self->id)
         roamingStep(self, currTime);
 
+    /*
+     * If the mob hasn't fully despanwed yet, don't try to respawn it. This protects
+     * against the edge case where mobs with a very short regenTime would try to respawn
+     * before they've faded away; and would respawn even if they were meant to be removed.
+     */
+    if (!self->despawned)
+        return;
+
     if (self->killedTime != 0 && currTime - self->killedTime < self->regenTime * 100)
         return;
 

src/Transport.cpp

@@ -388,8 +388,21 @@ NPCPath* Transport::findApplicablePath(int32_t id, int32_t type, int taskID) {
 
 void Transport::constructPathNPC(int32_t id, NPCPath* path) {
     BaseNPC* npc = NPCManager::NPCs[id];
-    if (npc->kind == EntityKind::MOB)
-        ((Mob*)(npc))->staticPath = true;
+
+    if (npc->kind == EntityKind::MOB) {
+        auto mob = (Mob*)npc;
+        mob->staticPath = true;
+
+        Vec3 firstPoint = path->points.front();
+
+        // Ensure that the first point coincides with the mob's spawn point.
+        if (mob->spawnX != firstPoint.x || mob->spawnY != firstPoint.y) {
+            std::cout << "[FATAL] The first point of the route for mob " << mob->id << " (type " << mob->type
+                << ") does not correspond with its spawn point." << std::endl;
+            exit(1);
+        }
+    }
+
     npc->loopingPath = path->isLoop;
 
     // Interpolate

src/core/CNProtocol.cpp

@@ -428,7 +428,7 @@ void CNServer::removePollFD(int fd) {
 }
 
 void CNServer::start() {
-    std::cout << "Starting server at *:" << port << std::endl;
+    std::cout << "Starting " << serverType << " server at *:" << port << std::endl;
     while (active) {
         // the timeout is to ensure shard timers are ticking
         int n = poll(fds.data(), fds.size(), 50);

src/main.cpp

@@ -49,6 +49,7 @@ CNShardServer *shardServer = nullptr;
 std::thread *shardThread = nullptr;
 
 void startShard(CNShardServer* server) {
+    sandbox_thread_start();
     server->start();
 }
 
@@ -150,6 +151,8 @@ int main() {
         /* not reached */
     }
 
+    sandbox_init();
+
     std::cout << "[INFO] Starting Server Threads..." << std::endl;
     CNLoginServer loginServer(settings::LOGINPORT);
     shardServer = new CNShardServer(settings::SHARDPORT);
@@ -157,6 +160,7 @@ int main() {
     shardThread = new std::thread(startShard, (CNShardServer*)shardServer);
 
     sandbox_start();
+    sandbox_thread_start();
 
     loginServer.start();
 

src/sandbox/Sandbox.hpp

@@ -4,11 +4,16 @@
 #if defined(__linux__) || defined(__OpenBSD__)
 
 # if !defined(CONFIG_NOSANDBOX)
+void sandbox_init();
 void sandbox_start();
+void sandbox_thread_start();
 # else
 
 #include <iostream>
 
+inline void sandbox_init() {}
+inline void sandbox_thread_start() {}
+
 inline void sandbox_start() {
     std::cout << "[WARN] Built without a sandbox" << std::endl;
 }
@@ -17,5 +22,7 @@ inline void sandbox_start() {
 
 #else
 // stub for unsupported platforms
+inline void sandbox_init() {}
 inline void sandbox_start() {}
+inline void sandbox_thread_start() {}
 #endif

src/sandbox/openbsd.cpp

@@ -13,6 +13,9 @@ static void eunveil(const char *path, const char *permissions) {
         err(1, "unveil");
 }
 
+void sandbox_init() {}
+void sandbox_thread_start() {}
+
 void sandbox_start() {
     /*
      * There shouldn't ever be a reason to disable this one, but might as well

src/sandbox/seccomp.cpp

@@ -4,6 +4,9 @@
 #include "settings.hpp"
 
 #include <stdlib.h>
+#include <fcntl.h>
+
+#include <filesystem>
 
 #include <sys/prctl.h>
 #include <sys/ptrace.h>
@@ -17,6 +20,10 @@
 #include <linux/audit.h>
 #include <linux/net.h> // for socketcall() args
 
+#ifndef CONFIG_NOLANDLOCK
+#include <linux/landlock.h>
+#endif
+
 /*
  * Macros adapted from https://outflux.net/teach-seccomp/
  * Relevant license:
@@ -54,7 +61,7 @@
     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno))
 
 #define KILL_PROCESS \
-    BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_PROCESS)
+    BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP)
 
 /*
  * Macros adapted from openssh's sandbox-seccomp-filter.c
@@ -297,25 +304,201 @@ static sock_fprog prog = {
     ARRLEN(filter), filter
 };
 
-// our own wrapper for the seccomp() syscall
+// Our own wrapper for the seccomp() syscall.
 int seccomp(unsigned int operation, unsigned int flags, void *args) {
     return syscall(__NR_seccomp, operation, flags, args);
 }
 
-void sandbox_start() {
+#ifndef CONFIG_NOLANDLOCK
+
+// Support compilation on systems that only have older Landlock headers.
+#ifndef LANDLOCK_ACCESS_FS_REFER
+#define LANDLOCK_ACCESS_FS_REFER 0
+#endif
+#ifndef LANDLOCK_ACCESS_FS_TRUNCATE
+#define LANDLOCK_ACCESS_FS_TRUNCATE 0
+#endif
+
+struct landlock_ruleset_attr ruleset_attr = {
+    .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE
+        | LANDLOCK_ACCESS_FS_WRITE_FILE
+        | LANDLOCK_ACCESS_FS_READ_DIR
+        | LANDLOCK_ACCESS_FS_MAKE_REG
+        | LANDLOCK_ACCESS_FS_MAKE_DIR
+        | LANDLOCK_ACCESS_FS_MAKE_SYM
+        | LANDLOCK_ACCESS_FS_MAKE_SOCK
+        | LANDLOCK_ACCESS_FS_MAKE_FIFO
+        | LANDLOCK_ACCESS_FS_MAKE_BLOCK
+        | LANDLOCK_ACCESS_FS_REMOVE_FILE
+        | LANDLOCK_ACCESS_FS_REMOVE_DIR
+        | LANDLOCK_ACCESS_FS_TRUNCATE
+        | LANDLOCK_ACCESS_FS_REFER
+};
+
+uint64_t landlock_perms = LANDLOCK_ACCESS_FS_READ_FILE
+    | LANDLOCK_ACCESS_FS_WRITE_FILE
+    | LANDLOCK_ACCESS_FS_TRUNCATE
+    | LANDLOCK_ACCESS_FS_MAKE_REG
+    | LANDLOCK_ACCESS_FS_REMOVE_FILE;
+
+int landlock_fd;
+bool landlock_supported;
+
+/*
+ * Our own wrappers for Landlock syscalls.
+ */
+
+int landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size, uint32_t flags) {
+    return syscall(__NR_landlock_create_ruleset, attr, size, flags);
+}
+
+int landlock_add_rule(int ruleset_fd, enum landlock_rule_type rule_type, const void *rule_attr, uint32_t flags) {
+    return syscall(__NR_landlock_add_rule, ruleset_fd, rule_type, rule_attr, flags);
+}
+
+int landlock_restrict_self(int ruleset_fd, uint32_t flags) {
+    return syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
+}
+
+static void landlock_path(std::string path, uint32_t perms) {
+    struct landlock_path_beneath_attr path_beneath = {
+        .allowed_access = perms
+    };
+
+    path_beneath.parent_fd = open(path.c_str(), O_PATH|O_CLOEXEC);
+    if (path_beneath.parent_fd < 0) {
+        perror(path.c_str());
+        exit(1);
+    }
+
+    if (landlock_add_rule(landlock_fd, LANDLOCK_RULE_PATH_BENEATH, &path_beneath, 0)) {
+        perror("landlock_add_rule");
+        exit(1);
+    }
+
+    close(path_beneath.parent_fd);
+}
+
+static bool landlock_detect() {
+    int abi = landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
+
+    if (abi < 0) {
+        if (errno == ENOSYS || errno == EOPNOTSUPP) {
+            std::cout << "[WARN] No Landlock support on this system" << std::endl;
+            return false;
+        }
+        perror("landlock_create_ruleset");
+        exit(1);
+    }
+
+    std::cout << "[INFO] Detected Landlock ABI version: " << abi << std::endl;
+
+    switch (abi) {
+    case 1:
+        ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_REFER;
+        landlock_perms &= ~LANDLOCK_ACCESS_FS_REFER;
+        // fallthrough
+    case 2:
+        ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE;
+        landlock_perms &= ~LANDLOCK_ACCESS_FS_TRUNCATE;
+    }
+
+    return true;
+}
+
+static void landlock_init() {
+    std::cout << "[INFO] Setting up Landlock sandbox..." << std::endl;
+
+    landlock_supported = landlock_detect();
+
+    if (!landlock_supported)
+        return;
+
+    landlock_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
+    if (landlock_fd < 0) {
+        perror("landlock_create_ruleset");
+        exit(1);
+    }
+
+    std::string dbdir = std::filesystem::path(settings::DBPATH).parent_path();
+
+    // for the DB files (we can't rely on them being in the working directory)
+    landlock_path(dbdir == "" ? "." : dbdir, landlock_perms);
+    // for writing the gruntwork file
+    landlock_path(settings::TDATADIR, landlock_perms);
+    // for passowrd salting during account creation
+    landlock_path("/dev/urandom", LANDLOCK_ACCESS_FS_READ_FILE);
+    // for core dumps, optionally
+    if (settings::SANDBOXEXTRAPATH != "")
+        landlock_path(settings::SANDBOXEXTRAPATH, landlock_perms);
+}
+
+#endif // !CONFIG_NOLANDLOCK
+
+static void sigsys_handler(int signo, siginfo_t *info, void *context) {
+    // report the unhandled syscall
+    std::cout << "[FATAL] Unhandled syscall " << info->si_syscall
+       << " at " << std::hex << info->si_call_addr << " on arch " << info->si_arch << std::endl;
+
+    std::cout << "If you're unsure why this is happening, please read https://openfusion.dev/docs/development/the-sandbox/" << std::endl
+              << "for more information and possibly open an issue at https://github.com/OpenFusionProject/OpenFusion/issues to report"
+              << " needed changes in our seccomp filter." << std::endl;
+
+    exit(1);
+}
+
+void sandbox_init() {
     if (!settings::SANDBOX) {
         std::cout << "[WARN] Running without a sandbox" << std::endl;
         return;
     }
 
+    // listen to SIGSYS to report unhandled syscalls
+    struct sigaction sa = {};
+
+    sa.sa_flags = SA_SIGINFO;
+    sa.sa_sigaction = sigsys_handler;
+
+    if (sigaction(SIGSYS, &sa, NULL) < 0) {
+        perror("sigaction");
+        exit(1);
+    }
+
+#ifndef CONFIG_NOLANDLOCK
+    landlock_init();
+#else
+    std::cout << "[WARN] Built without Landlock" << std::endl;
+#endif
+}
+
+void sandbox_start() {
+    if (!settings::SANDBOX)
+        return;
+
     std::cout << "[INFO] Starting seccomp-bpf sandbox..." << std::endl;
 
+    // Sandboxing starts in sandbox_thread_start().
+}
+
+void sandbox_thread_start() {
+    if (!settings::SANDBOX)
+        return;
+
     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
         perror("prctl");
         exit(1);
     }
 
-    if (seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, &prog) < 0) {
+#ifndef CONFIG_NOLANDLOCK
+    if (landlock_supported) {
+        if (landlock_restrict_self(landlock_fd, 0)) {
+            perror("landlock_restrict_self");
+            exit(1);
+        }
+    }
+#endif
+
+    if (seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog) < 0) {
         perror("seccomp");
         exit(1);
     }

src/servers/Monitor.cpp

@@ -180,9 +180,14 @@ SOCKET Monitor::init() {
     }
 
     address.sin_family = AF_INET;
-    address.sin_addr.s_addr = INADDR_ANY;
     address.sin_port = htons(settings::MONITORPORT);
 
+    if (!inet_pton(AF_INET, settings::MONITORLISTENIP.c_str(), &address.sin_addr)) {
+        std::cout << "Failed to set monitor listen address" << std::endl;
+        printSocketError("inet_pton");
+        exit(1);
+    }
+
     if (SOCKETERROR(bind(listener, (struct sockaddr*)&address, sizeof(address)))) {
         std::cout << "Failed to bind to monitor port" << std::endl;
         printSocketError("bind");
@@ -206,7 +211,7 @@ SOCKET Monitor::init() {
         exit(EXIT_FAILURE);
     }
 
-    std::cout << "Monitor listening on *:" << settings::MONITORPORT << std::endl;
+    std::cout << "Monitor listening on " << settings::MONITORLISTENIP << ":" << settings::MONITORPORT << std::endl;
 
     REGISTER_SHARD_TIMER(tick, settings::MONITORINTERVAL);
 

src/settings.cpp

@@ -9,6 +9,7 @@
 // defaults :)
 int settings::VERBOSITY = 1;
 bool settings::SANDBOX = true;
+std::string settings::SANDBOXEXTRAPATH = "";
 
 int settings::LOGINPORT = 23000;
 bool settings::APPROVEALLNAMES = true;
@@ -63,6 +64,7 @@ bool settings::DISABLEFIRSTUSEFLAG = true;
 // monitor settings
 bool settings::MONITORENABLED = false;
 int settings::MONITORPORT = 8003;
+std::string settings::MONITORLISTENIP = "127.0.0.1";
 int settings::MONITORINTERVAL = 5000;
 
 // event mode settings
@@ -85,6 +87,7 @@ void settings::init() {
 
     VERBOSITY = reader.GetInteger("", "verbosity", VERBOSITY);
     SANDBOX = reader.GetBoolean("", "sandbox", SANDBOX);
+    SANDBOXEXTRAPATH = reader.Get("", "sandboxextrapath", SANDBOXEXTRAPATH);
     LOGINPORT = reader.GetInteger("login", "port", LOGINPORT);
     APPROVEALLNAMES = reader.GetBoolean("login", "acceptallcustomnames", APPROVEALLNAMES);
     AUTOCREATEACCOUNTS = reader.GetBoolean("login", "autocreateaccounts", AUTOCREATEACCOUNTS);
@@ -119,5 +122,6 @@ void settings::init() {
     IZRACESCORECAPPED = reader.GetBoolean("shard", "izracescorecapped", IZRACESCORECAPPED);
     MONITORENABLED = reader.GetBoolean("monitor", "enabled", MONITORENABLED);
     MONITORPORT = reader.GetInteger("monitor", "port", MONITORPORT);
+    MONITORLISTENIP = reader.Get("monitor", "listenip", MONITORLISTENIP);
     MONITORINTERVAL = reader.GetInteger("monitor", "interval", MONITORINTERVAL);
 }

src/settings.hpp

@@ -5,6 +5,7 @@
 namespace settings {
     extern int VERBOSITY;
     extern bool SANDBOX;
+    extern std::string SANDBOXEXTRAPATH;
     extern int LOGINPORT;
     extern bool APPROVEALLNAMES;
     extern bool AUTOCREATEACCOUNTS;
@@ -37,6 +38,7 @@ namespace settings {
     extern int EVENTMODE;
     extern bool MONITORENABLED;
     extern int MONITORPORT;
+    extern std::string MONITORLISTENIP;
     extern int MONITORINTERVAL;
     extern bool DISABLEFIRSTUSEFLAG;
     extern bool IZRACESCORECAPPED;