aboutsummaryrefslogtreecommitdiff
path: root/builtin
diff options
context:
space:
mode:
authorBen Deutsch <ben@bendeutsch.de>2018-08-05 13:13:38 +0200
committerLoïc Blot <nerzhul@users.noreply.github.com>2018-08-05 13:13:38 +0200
commit153fb211ac2342907eb766a79c1f41824f981ab5 (patch)
tree58a927bbf9a7d3d3811df6a703de02362b6474fb /builtin
parent18368824958139f1428d534082852d778982b4c9 (diff)
downloadminetest-153fb211ac2342907eb766a79c1f41824f981ab5.tar.gz
minetest-153fb211ac2342907eb766a79c1f41824f981ab5.tar.bz2
minetest-153fb211ac2342907eb766a79c1f41824f981ab5.zip
Replace auth.txt with SQLite auth database (#7279)
* Replace auth.txt with SQLite auth database
Diffstat (limited to 'builtin')
-rw-r--r--builtin/game/auth.lua119
1 files changed, 37 insertions, 82 deletions
diff --git a/builtin/game/auth.lua b/builtin/game/auth.lua
index ad2f35a13..7aedfc82e 100644
--- a/builtin/game/auth.lua
+++ b/builtin/game/auth.lua
@@ -4,72 +4,22 @@
-- Builtin authentication handler
--
-local auth_file_path = core.get_worldpath().."/auth.txt"
-local auth_table = {}
-
-local function read_auth_file()
- local newtable = {}
- local file, errmsg = io.open(auth_file_path, 'rb')
- if not file then
- core.log("info", auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world")
- return
- end
- for line in file:lines() do
- if line ~= "" then
- local fields = line:split(":", true)
- local name, password, privilege_string, last_login = unpack(fields)
- last_login = tonumber(last_login)
- if not (name and password and privilege_string) then
- error("Invalid line in auth.txt: "..dump(line))
- end
- local privileges = core.string_to_privs(privilege_string)
- newtable[name] = {password=password, privileges=privileges, last_login=last_login}
- end
- end
- io.close(file)
- auth_table = newtable
- core.notify_authentication_modified()
-end
-
-local function save_auth_file()
- local newtable = {}
- -- Check table for validness before attempting to save
- for name, stuff in pairs(auth_table) do
- assert(type(name) == "string")
- assert(name ~= "")
- assert(type(stuff) == "table")
- assert(type(stuff.password) == "string")
- assert(type(stuff.privileges) == "table")
- assert(stuff.last_login == nil or type(stuff.last_login) == "number")
- end
- local content = {}
- for name, stuff in pairs(auth_table) do
- local priv_string = core.privs_to_string(stuff.privileges)
- local parts = {name, stuff.password, priv_string, stuff.last_login or ""}
- content[#content + 1] = table.concat(parts, ":")
- end
- if not core.safe_file_write(auth_file_path, table.concat(content, "\n")) then
- error(auth_file_path.." could not be written to")
- end
-end
-
-read_auth_file()
+-- Make the auth object private, deny access to mods
+local core_auth = core.auth
+core.auth = nil
core.builtin_auth_handler = {
get_auth = function(name)
assert(type(name) == "string")
- -- Figure out what password to use for a new player (singleplayer
- -- always has an empty password, otherwise use default, which is
- -- usually empty too)
- local new_password_hash = ""
- -- If not in authentication table, return nil
- if not auth_table[name] then
+ local auth_entry = core_auth.read(name)
+ -- If no such auth found, return nil
+ if not auth_entry then
return nil
end
-- Figure out what privileges the player should have.
-- Take a copy of the privilege table
local privileges = {}
- for priv, _ in pairs(auth_table[name].privileges) do
+ for priv, _ in pairs(auth_entry.privileges) do
privileges[priv] = true
end
-- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
@@ -89,85 +39,89 @@ core.builtin_auth_handler = {
end
-- All done
return {
- password = auth_table[name].password,
+ password = auth_entry.password,
privileges = privileges,
-- Is set to nil if unknown
- last_login = auth_table[name].last_login,
+ last_login = auth_entry.last_login,
}
end,
create_auth = function(name, password)
assert(type(name) == "string")
assert(type(password) == "string")
core.log('info', "Built-in authentication handler adding player '"..name.."'")
- auth_table[name] = {
+ return core_auth.create({
+ name = name,
password = password,
privileges = core.string_to_privs(core.settings:get("default_privs")),
last_login = os.time(),
- }
- save_auth_file()
+ })
end,
delete_auth = function(name)
assert(type(name) == "string")
- if not auth_table[name] then
+ local auth_entry = core_auth.read(name)
+ if not auth_entry then
return false
end
core.log('info', "Built-in authentication handler deleting player '"..name.."'")
- auth_table[name] = nil
- save_auth_file()
- return true
+ return core_auth.delete(name)
end,
set_password = function(name, password)
assert(type(name) == "string")
assert(type(password) == "string")
- if not auth_table[name] then
+ local auth_entry = core_auth.read(name)
+ if not auth_entry then
core.builtin_auth_handler.create_auth(name, password)
else
core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
- auth_table[name].password = password
- save_auth_file()
+ auth_entry.password = password
+ core_auth.save(auth_entry)
end
return true
end,
set_privileges = function(name, privileges)
assert(type(name) == "string")
assert(type(privileges) == "table")
- if not auth_table[name] then
- core.builtin_auth_handler.create_auth(name,
+ local auth_entry = core_auth.read(name)
+ if not auth_entry then
+ auth_entry = core.builtin_auth_handler.create_auth(name,
core.get_password_hash(name,
core.settings:get("default_password")))
end
-- Run grant callbacks
for priv, _ in pairs(privileges) do
- if not auth_table[name].privileges[priv] then
+ if not auth_entry.privileges[priv] then
core.run_priv_callbacks(name, priv, nil, "grant")
end
end
-- Run revoke callbacks
- for priv, _ in pairs(auth_table[name].privileges) do
+ for priv, _ in pairs(auth_entry.privileges) do
if not privileges[priv] then
core.run_priv_callbacks(name, priv, nil, "revoke")
end
end
- auth_table[name].privileges = privileges
+ auth_entry.privileges = privileges
+ core_auth.save(auth_entry)
core.notify_authentication_modified(name)
- save_auth_file()
end,
reload = function()
- read_auth_file()
+ core_auth.reload()
return true
end,
record_login = function(name)
assert(type(name) == "string")
- assert(auth_table[name]).last_login = os.time()
- save_auth_file()
+ local auth_entry = core_auth.read(name)
+ assert(auth_entry)
+ auth_entry.last_login = os.time()
+ core_auth.save(auth_entry)
end,
iterate = function()
local names = {}
- for k in pairs(auth_table) do
- names[k] = true
+ local nameslist = core_auth.list_names()
+ for k,v in pairs(nameslist) do
+ names[v] = true
end
return pairs(names)
end,
@@ -177,12 +131,13 @@ core.register_on_prejoinplayer(function(name, ip)
if core.registered_auth_handler ~= nil then
return -- Don't do anything if custom auth handler registered
end
- if auth_table[name] ~= nil then
+ local auth_entry = core_auth.read(name)
+ if auth_entry ~= nil then
return
end
local name_lower = name:lower()
- for k in pairs(auth_table) do
+ for k in core.builtin_auth_handler.iterate() do
if k:lower() == name_lower then
return string.format("\nCannot create new player called '%s'. "..
"Another account called '%s' is already registered. "..