builtin/game/auth.lua

   1 -- Minetest: builtin/auth.lua
   2
   3 --
   4 -- Authentication handler
   5 --
   6
   7 core.auth_file_path = core.get_worldpath().."/auth.txt"
   8 core.auth_table = {}
   9
  10 local function read_auth_file()
  11         local newtable = {}
  12         local file, errmsg = io.open(core.auth_file_path, 'rb')
  13         if not file then
  14                 core.log("info", core.auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world")
  15                 return
  16         end
  17         for line in file:lines() do
  18                 if line ~= "" then
  19                         local fields = line:split(":", true)
  20                         local name, password, privilege_string, last_login = unpack(fields)
  21                         last_login = tonumber(last_login)
  22                         if not (name and password and privilege_string) then
  23                                 error("Invalid line in auth.txt: "..dump(line))
  24                         end
  25                         local privileges = core.string_to_privs(privilege_string)
  26                         newtable[name] = {password=password, privileges=privileges, last_login=last_login}
  27                 end
  28         end
  29         io.close(file)
  30         core.auth_table = newtable
  31         core.notify_authentication_modified()
  32 end
  33
  34 local function save_auth_file()
  35         local newtable = {}
  36         -- Check table for validness before attempting to save
  37         for name, stuff in pairs(core.auth_table) do
  38                 assert(type(name) == "string")
  39                 assert(name ~= "")
  40                 assert(type(stuff) == "table")
  41                 assert(type(stuff.password) == "string")
  42                 assert(type(stuff.privileges) == "table")
  43                 assert(stuff.last_login == nil or type(stuff.last_login) == "number")
  44         end
  45         local content = ""
  46         for name, stuff in pairs(core.auth_table) do
  47                 local priv_string = core.privs_to_string(stuff.privileges)
  48                 local parts = {name, stuff.password, priv_string, stuff.last_login or ""}
  49                 content = content .. table.concat(parts, ":") .. "\n"
  50         end
  51         if not core.safe_file_write(core.auth_file_path, content) then
  52                 error(core.auth_file_path.." could not be written to")
  53         end
  54 end
  55
  56 read_auth_file()
  57
  58 core.builtin_auth_handler = {
  59         get_auth = function(name)
  60                 assert(type(name) == "string")
  61                 -- Figure out what password to use for a new player (singleplayer
  62                 -- always has an empty password, otherwise use default, which is
  63                 -- usually empty too)
  64                 local new_password_hash = ""
  65                 -- If not in authentication table, return nil
  66                 if not core.auth_table[name] then
  67                         return nil
  68                 end
  69                 -- Figure out what privileges the player should have.
  70                 -- Take a copy of the privilege table
  71                 local privileges = {}
  72                 for priv, _ in pairs(core.auth_table[name].privileges) do
  73                         privileges[priv] = true
  74                 end
  75                 -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
  76                 if core.is_singleplayer() then
  77                         for priv, def in pairs(core.registered_privileges) do
  78                                 if def.give_to_singleplayer then
  79                                         privileges[priv] = true
  80                                 end
  81                         end
  82                 -- For the admin, give everything
  83                 elseif name == core.settings:get("name") then
  84                         for priv, def in pairs(core.registered_privileges) do
  85                                 if def.give_to_admin then
  86                                         privileges[priv] = true
  87                                 end
  88                         end
  89                 end
  90                 -- All done
  91                 return {
  92                         password = core.auth_table[name].password,
  93                         privileges = privileges,
  94                         -- Is set to nil if unknown
  95                         last_login = core.auth_table[name].last_login,
  96                 }
  97         end,
  98         create_auth = function(name, password)
  99                 assert(type(name) == "string")
 100                 assert(type(password) == "string")
 101                 core.log('info', "Built-in authentication handler adding player '"..name.."'")
 102                 core.auth_table[name] = {
 103                         password = password,
 104                         privileges = core.string_to_privs(core.settings:get("default_privs")),
 105                         last_login = os.time(),
 106                 }
 107                 save_auth_file()
 108         end,
 109         set_password = function(name, password)
 110                 assert(type(name) == "string")
 111                 assert(type(password) == "string")
 112                 if not core.auth_table[name] then
 113                         core.builtin_auth_handler.create_auth(name, password)
 114                 else
 115                         core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
 116                         core.auth_table[name].password = password
 117                         save_auth_file()
 118                 end
 119                 return true
 120         end,
 121         set_privileges = function(name, privileges)
 122                 assert(type(name) == "string")
 123                 assert(type(privileges) == "table")
 124                 if not core.auth_table[name] then
 125                         core.builtin_auth_handler.create_auth(name,
 126                                 core.get_password_hash(name,
 127                                         core.settings:get("default_password")))
 128                 end
 129
 130                 -- Run grant callbacks
 131                 for priv, _ in pairs(privileges) do
 132                         if not core.auth_table[name].privileges[priv] then
 133                                 core.run_priv_callbacks(name, priv, nil, "grant")
 134                         end
 135                 end
 136
 137                 -- Run revoke callbacks
 138                 for priv, _ in pairs(core.auth_table[name].privileges) do
 139                         if not privileges[priv] then
 140                                 core.run_priv_callbacks(name, priv, nil, "revoke")
 141                         end
 142                 end
 143
 144                 core.auth_table[name].privileges = privileges
 145                 core.notify_authentication_modified(name)
 146                 save_auth_file()
 147         end,
 148         reload = function()
 149                 read_auth_file()
 150                 return true
 151         end,
 152         record_login = function(name)
 153                 assert(type(name) == "string")
 154                 assert(core.auth_table[name]).last_login = os.time()
 155                 save_auth_file()
 156         end,
 157 }
 158
 159 function core.register_authentication_handler(handler)
 160         if core.registered_auth_handler then
 161                 error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
 162         end
 163         core.registered_auth_handler = handler
 164         core.registered_auth_handler_modname = core.get_current_modname()
 165         handler.mod_origin = core.registered_auth_handler_modname
 166 end
 167
 168 function core.get_auth_handler()
 169         return core.registered_auth_handler or core.builtin_auth_handler
 170 end
 171
 172 local function auth_pass(name)
 173         return function(...)
 174                 local auth_handler = core.get_auth_handler()
 175                 if auth_handler[name] then
 176                         return auth_handler[name](...)
 177                 end
 178                 return false
 179         end
 180 end
 181
 182 core.set_player_password = auth_pass("set_password")
 183 core.set_player_privs    = auth_pass("set_privileges")
 184 core.auth_reload         = auth_pass("reload")
 185
 186
 187 local record_login = auth_pass("record_login")
 188
 189 core.register_on_joinplayer(function(player)
 190         record_login(player:get_player_name())
 191 end)
 192
 193 core.register_on_prejoinplayer(function(name, ip)
 194         local auth = core.auth_table
 195         if auth[name] ~= nil then
 196                 return
 197         end
 198
 199         local name_lower = name:lower()
 200         for k in pairs(auth) do
 201                 if k:lower() == name_lower then
 202                         return string.format("\nCannot create new player called '%s'. "..
 203                                         "Another account called '%s' is already registered. "..
 204                                         "Please check the spelling if it's your account "..
 205                                         "or use a different nickname.", name, k)
 206                 end
 207         end
 208 end)