auth.lua 6.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217
  1. -- Minetest: builtin/auth.lua
  2. --
  3. -- Authentication handler
  4. --
  5. function core.string_to_privs(str, delim)
  6. assert(type(str) == "string")
  7. delim = delim or ','
  8. local privs = {}
  9. for _, priv in pairs(string.split(str, delim)) do
  10. privs[priv:trim()] = true
  11. end
  12. return privs
  13. end
  14. function core.privs_to_string(privs, delim)
  15. assert(type(privs) == "table")
  16. delim = delim or ','
  17. local list = {}
  18. for priv, bool in pairs(privs) do
  19. if bool then
  20. list[#list + 1] = priv
  21. end
  22. end
  23. return table.concat(list, delim)
  24. end
  25. assert(core.string_to_privs("a,b").b == true)
  26. assert(core.privs_to_string({a=true,b=true}) == "a,b")
  27. core.auth_file_path = core.get_worldpath().."/auth.txt"
  28. core.auth_table = {}
  29. local function read_auth_file()
  30. local newtable = {}
  31. local file, errmsg = io.open(core.auth_file_path, 'rb')
  32. if not file then
  33. core.log("info", core.auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world")
  34. return
  35. end
  36. for line in file:lines() do
  37. if line ~= "" then
  38. local fields = line:split(":", true)
  39. local name, password, privilege_string, last_login = unpack(fields)
  40. last_login = tonumber(last_login)
  41. if not (name and password and privilege_string) then
  42. error("Invalid line in auth.txt: "..dump(line))
  43. end
  44. local privileges = core.string_to_privs(privilege_string)
  45. newtable[name] = {password=password, privileges=privileges, last_login=last_login}
  46. end
  47. end
  48. io.close(file)
  49. core.auth_table = newtable
  50. core.notify_authentication_modified()
  51. end
  52. local function save_auth_file()
  53. local newtable = {}
  54. -- Check table for validness before attempting to save
  55. for name, stuff in pairs(core.auth_table) do
  56. assert(type(name) == "string")
  57. assert(name ~= "")
  58. assert(type(stuff) == "table")
  59. assert(type(stuff.password) == "string")
  60. assert(type(stuff.privileges) == "table")
  61. assert(stuff.last_login == nil or type(stuff.last_login) == "number")
  62. end
  63. local content = {}
  64. for name, stuff in pairs(core.auth_table) do
  65. local priv_string = core.privs_to_string(stuff.privileges)
  66. local parts = {name, stuff.password, priv_string, stuff.last_login or ""}
  67. content[#content + 1] = table.concat(parts, ":")
  68. end
  69. if not core.safe_file_write(core.auth_file_path, table.concat(content, "\n")) then
  70. error(core.auth_file_path.." could not be written to")
  71. end
  72. end
  73. read_auth_file()
  74. core.builtin_auth_handler = {
  75. get_auth = function(name)
  76. assert(type(name) == "string")
  77. -- Figure out what password to use for a new player (singleplayer
  78. -- always has an empty password, otherwise use default, which is
  79. -- usually empty too)
  80. local new_password_hash = ""
  81. -- If not in authentication table, return nil
  82. if not core.auth_table[name] then
  83. return nil
  84. end
  85. -- Figure out what privileges the player should have.
  86. -- Take a copy of the privilege table
  87. local privileges = {}
  88. for priv, _ in pairs(core.auth_table[name].privileges) do
  89. privileges[priv] = true
  90. end
  91. -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
  92. if core.is_singleplayer() then
  93. for priv, def in pairs(core.registered_privileges) do
  94. if def.give_to_singleplayer then
  95. privileges[priv] = true
  96. end
  97. end
  98. -- For the admin, give everything
  99. elseif name == core.settings:get("name") then
  100. for priv, def in pairs(core.registered_privileges) do
  101. privileges[priv] = true
  102. end
  103. end
  104. -- All done
  105. return {
  106. password = core.auth_table[name].password,
  107. privileges = privileges,
  108. -- Is set to nil if unknown
  109. last_login = core.auth_table[name].last_login,
  110. }
  111. end,
  112. create_auth = function(name, password)
  113. assert(type(name) == "string")
  114. assert(type(password) == "string")
  115. core.log('info', "Built-in authentication handler adding player '"..name.."'")
  116. core.auth_table[name] = {
  117. password = password,
  118. privileges = core.string_to_privs(core.settings:get("default_privs")),
  119. last_login = os.time(),
  120. }
  121. save_auth_file()
  122. end,
  123. set_password = function(name, password)
  124. assert(type(name) == "string")
  125. assert(type(password) == "string")
  126. if not core.auth_table[name] then
  127. core.builtin_auth_handler.create_auth(name, password)
  128. else
  129. core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
  130. core.auth_table[name].password = password
  131. save_auth_file()
  132. end
  133. return true
  134. end,
  135. set_privileges = function(name, privileges)
  136. assert(type(name) == "string")
  137. assert(type(privileges) == "table")
  138. if not core.auth_table[name] then
  139. core.builtin_auth_handler.create_auth(name,
  140. core.get_password_hash(name,
  141. core.settings:get("default_password")))
  142. end
  143. core.auth_table[name].privileges = privileges
  144. core.notify_authentication_modified(name)
  145. save_auth_file()
  146. end,
  147. reload = function()
  148. read_auth_file()
  149. return true
  150. end,
  151. record_login = function(name)
  152. assert(type(name) == "string")
  153. assert(core.auth_table[name]).last_login = os.time()
  154. save_auth_file()
  155. end,
  156. }
  157. function core.register_authentication_handler(handler)
  158. if core.registered_auth_handler then
  159. error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
  160. end
  161. core.registered_auth_handler = handler
  162. core.registered_auth_handler_modname = core.get_current_modname()
  163. handler.mod_origin = core.registered_auth_handler_modname
  164. end
  165. function core.get_auth_handler()
  166. return core.registered_auth_handler or core.builtin_auth_handler
  167. end
  168. local function auth_pass(name)
  169. return function(...)
  170. local auth_handler = core.get_auth_handler()
  171. if auth_handler[name] then
  172. return auth_handler[name](...)
  173. end
  174. return false
  175. end
  176. end
  177. core.set_player_password = auth_pass("set_password")
  178. core.set_player_privs = auth_pass("set_privileges")
  179. core.auth_reload = auth_pass("reload")
  180. local record_login = auth_pass("record_login")
  181. core.register_on_joinplayer(function(player)
  182. record_login(player:get_player_name())
  183. end)
  184. core.register_on_prejoinplayer(function(name, ip)
  185. local auth = core.auth_table
  186. if auth[name] ~= nil then
  187. return
  188. end
  189. local name_lower = name:lower()
  190. for k in pairs(auth) do
  191. if k:lower() == name_lower then
  192. return string.format("\nCannot create new player called '%s'. "..
  193. "Another account called '%s' is already registered. "..
  194. "Please check the spelling if it's your account "..
  195. "or use a different nickname.", name, k)
  196. end
  197. end
  198. end)