Restricting client commands breaks vanilla compatibility.

[GeckoEidechse]

Unlike vanilla, gameservers in Northstar are considered "untrusted". As such we have to vet commands sent to client by server.

When fixed our previously broken client command restriction with #210 we also broke vanilla compatibility again.

In particular it breaks matchmaking as (it seems that) when finding a match the server sends a client command to client that causes it to connect to that game server.

Adding -norestrictservercommands should allow matchmaking in vanilla at the cost of reduced security due to allowing server to run commands on client.

If you're using Northstar to play on vanilla and Northstar servers, it's recommended to deleting -norestrictservercommands when playing on Northstar servers.

[rolelessweapon]

It appears this could be due to the "migrateme" command being blocked, which I've fixed in my PR. #189

[GeckoEidechse]

I'm not sure if we do want to allow it though. Cause it could allow an attacker to move you onto a different server. That being said, if an attacker is able to execute that command they likely already have some way of getting ClientCommands to run on your client.

[rolelessweapon]

Couldn't they just run connect?

[GeckoEidechse]

Couldn't they just run connect?

Nope, we block that.

[rolelessweapon]

Actually, it appears migrateme is forwarded from the client to the server.
So for some reason, the server (or maybe some internal code in the client that passes the wrong argume to CBuf_AddText) generates the migrateme command, executes it on the client, which then gets forwarded back to the server.
Migrateme looks completely harmless.