authorest31 <MTest31@outlook.com>2016-05-30 23:27:48 +1000
committerCraig Robbins <kde.psych@gmail.com>2016-05-30 23:28:08 +1000
commit27db92925261ed6646d0a1c0512711ab3aeb5fb8 (patch)
tree3e104d027f0d1c25d49c02d5845591ab225dd6bd /src/script
parent4134d8ad13c371820a485a9752b1197a8d7007f3 (diff)
Add minetest.check_password_entry callback
Gives a convenient way to check a player's password. This entirely bypasses the SRP protocol, so should be used with great care. This function is not intended to be used in-game, but solely by external protocols, where no authentication of the minetest engine is provided, and also only for protocols, in which the user already gives the server the plaintext password. Examples for good use are the classical http form, or irc; an example for a bad use is a password change dialog inside formspec. Users should be aware that they lose the advantages of the SRP protocol if they enter their passwords for servers outside the normal entry box, like in in-game formspec menus, or through irc /msg s. This patch also fixes an auth.h mistake which has mixed up the order of params inside the decode_srp_verifier_and_salt function. Zeno-: Added errorstream message for invalid format when I committed
Diffstat (limited to 'src/script')
-rw-r--r--src/script/lua_api/l_util.cpp30
-rw-r--r--src/script/lua_api/l_util.h3
2 files changed, 33 insertions, 0 deletions
diff --git a/src/script/lua_api/l_util.cpp b/src/script/lua_api/l_util.cpp
index e90b7fbcf..d090fc91c 100644
--- a/src/script/lua_api/l_util.cpp
+++ b/src/script/lua_api/l_util.cpp
@@ -246,6 +246,35 @@ int ModApiUtil::l_get_hit_params(lua_State *L)
return 1;
}
+// check_password_entry(name, entry, password)
+int ModApiUtil::l_check_password_entry(lua_State *L)
+{
+ NO_MAP_LOCK_REQUIRED;
+ std::string name = luaL_checkstring(L, 1);
+ std::string entry = luaL_checkstring(L, 2);
+ std::string password = luaL_checkstring(L, 3);
+
+ if (base64_is_valid(entry)) {
+ std::string hash = translate_password(name, password);
+ lua_pushboolean(L, hash == entry);
+ return 1;
+ }
+
+ std::string salt;
+ std::string verifier;
+
+ if (!decode_srp_verifier_and_salt(entry, &verifier, &salt)) {
+ // invalid format
+ warningstream << "Invalid password format for " << name << std::endl;
+ lua_pushboolean(L, false);
+ return 1;
+ }
+ std::string gen_verifier = generate_srp_verifier(name, password, salt);
+
+ lua_pushboolean(L, gen_verifier == verifier);
+ return 1;
+}
+
// get_password_hash(name, raw_password)
int ModApiUtil::l_get_password_hash(lua_State *L)
{
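Review bot: Both result comparisons in l_check_password_entry, `hash == entry` and `gen_verifier == verifier`, use std::string equality, which stops at the first differing byte, so the time taken depends on how much of the stored credential matches. The commit message aims this function at external front ends such as HTTP forms or IRC, where callers can measure response time, so a fixed-time comparison is the safer default. The compared values are derived from the password rather than being the raw input, so the practical leak is probably small. The signature comment should also carry the caveat that currently lives only in the commit message, for example `// Bypasses SRP: only for external protocols that already receive the plaintext password; callers must throttle repeated attempts.`

```cpp
// Compares two strings in time that depends only on their length,
// not on the position of the first differing byte.
static bool equals_fixed_time(const std::string &a, const std::string &b)
{
	if (a.size() != b.size())
		return false;
	unsigned char diff = 0;
	for (size_t i = 0; i < a.size(); i++)
		diff |= (unsigned char)a[i] ^ (unsigned char)b[i];
	return diff == 0;
}

// ... unchanged: argument parsing and the base64_is_valid(entry) check ...
		lua_pushboolean(L, equals_fixed_time(hash, entry));
// ... unchanged: SRP entry decoding and generate_srp_verifier call ...
	lua_pushboolean(L, equals_fixed_time(gen_verifier, verifier));
```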
@@ -449,6 +478,7 @@ void ModApiUtil::Initialize(lua_State *L, int top)
API_FCT(get_dig_params);
API_FCT(get_hit_params);
+ API_FCT(check_password_entry);
API_FCT(get_password_hash);
API_FCT(is_yes);
diff --git a/src/script/lua_api/l_util.h b/src/script/lua_api/l_util.h
index 779dbe281..3012d55aa 100644
--- a/src/script/lua_api/l_util.h
+++ b/src/script/lua_api/l_util.h
@@ -71,6 +71,9 @@ private:
// get_hit_params(groups, tool_capabilities[, time_from_last_punch])
static int l_get_hit_params(lua_State *L);
+ // check_password_entry(name, entry, password)
+ static int l_check_password_entry(lua_State *L);
+
// get_password_hash(name, raw_password)
static int l_get_password_hash(lua_State *L);