From d4d49ee8f4d425e7a4136d65f519728869680951 Mon Sep 17 00:00:00 2001
From: Ciaran Gultnieks <ciaran@ciarang.com>
Date: Fri, 20 May 2011 20:28:03 +0100
Subject: Passwords - password entry at main menu, stored and checked by server

---
 src/server.cpp | 59 ++++++++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 49 insertions(+), 10 deletions(-)

(limited to 'src/server.cpp')

diff --git a/src/server.cpp b/src/server.cpp
index d211186eb..051ca85fb 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -1734,8 +1734,9 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 		// [0] u16 TOSERVER_INIT
 		// [2] u8 SER_FMT_VER_HIGHEST
 		// [3] u8[20] player_name
+		// [23] u8[28] password <--- can be sent without this, from old versions
 
-		if(datasize < 3)
+		if(datasize < 2+1+PLAYERNAME_SIZE)
 			return;
 
 		derr_server<<DTIME<<"Server: Got TOSERVER_INIT from "
@@ -1767,17 +1768,41 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 		*/
 		
 		// Get player name
-		const u32 playername_size = 20;
-		char playername[playername_size];
-		for(u32 i=0; i<playername_size-1; i++)
+		char playername[PLAYERNAME_SIZE];
+		for(u32 i=0; i<PLAYERNAME_SIZE-1; i++)
 		{
 			playername[i] = data[3+i];
 		}
-		playername[playername_size-1] = 0;
-		
+		playername[PLAYERNAME_SIZE-1] = 0;
+	
+		// Get password
+		char password[PASSWORD_SIZE];
+		if(datasize == 2+1+PLAYERNAME_SIZE)
+		{
+			// old version - assume blank password
+			*password = 0;
+		}
+		else
+		{
+				for(u32 i=0; i<PASSWORD_SIZE-1; i++)
+				{
+					password[i] = data[23+i];
+				}
+				password[PASSWORD_SIZE-1] = 0;
+		}
+		Player *checkplayer = m_env.getPlayer(playername);
+		if(checkplayer != NULL && strcmp(checkplayer->getPassword(),password))
+		{
+			derr_server<<DTIME<<"Server: peer_id="<<peer_id
+					<<": supplied invalid password for "
+					<<playername<<std::endl;
+			SendAccessDenied(m_con, peer_id);
+			return;
+		}
+
 		// Get player
-		Player *player = emergePlayer(playername, "", peer_id);
-		//Player *player = m_env.getPlayer(peer_id);
+		Player *player = emergePlayer(playername, password, peer_id);
+
 
 		/*{
 			// DEBUG: Test serialization
@@ -3138,6 +3163,20 @@ void Server::SendHP(con::Connection &con, u16 peer_id, u8 hp)
 	con.Send(peer_id, 0, data, true);
 }
 
+void Server::SendAccessDenied(con::Connection &con, u16 peer_id)
+{
+	DSTACK(__FUNCTION_NAME);
+	std::ostringstream os(std::ios_base::binary);
+
+	writeU16(os, TOCLIENT_ACCESS_DENIED);
+
+	// Make data buffer
+	std::string s = os.str();
+	SharedBuffer<u8> data((u8*)s.c_str(), s.size());
+	// Send as reliable
+	con.Send(peer_id, 0, data, true);
+}
+
 /*
 	Non-static send methods
 */
@@ -4052,8 +4091,7 @@ v3f findSpawnPos(ServerMap &map)
 			), BS);
 }
 
-Player *Server::emergePlayer(const char *name, const char *password,
-		u16 peer_id)
+Player *Server::emergePlayer(const char *name, const char *password, u16 peer_id)
 {
 	/*
 		Try to get an existing player
@@ -4099,6 +4137,7 @@ Player *Server::emergePlayer(const char *name, const char *password,
 		//player->peer_id = PEER_ID_INEXISTENT;
 		player->peer_id = peer_id;
 		player->updateName(name);
+		player->updatePassword(password);
 
 		/*
 			Set player position
-- 
cgit v1.2.3


From 52d857cf1527948e1db5eead457e51b6741de8a2 Mon Sep 17 00:00:00 2001
From: Ciaran Gultnieks <ciaran@ciarang.com>
Date: Fri, 20 May 2011 21:37:13 +0100
Subject: Passwords - a few corrections to the previous commit

---
 src/main.cpp   |  1 +
 src/server.cpp |  2 +-
 src/sha1.cpp   | 20 ++++++++++++++++++--
 src/sha1.h     | 20 ++++++++++++++++++--
 4 files changed, 38 insertions(+), 5 deletions(-)

(limited to 'src/server.cpp')

diff --git a/src/main.cpp b/src/main.cpp
index 0b181a36d..184643b9f 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1448,6 +1448,7 @@ int main(int argc, char *argv[])
 						sha1->addBytes(slt.c_str(), slt.length());
 						unsigned char *digest = sha1->getDigest();
 						password = base64_encode(digest, 20);
+						free(digest);
 				}
 				else
 				{
diff --git a/src/server.cpp b/src/server.cpp
index 051ca85fb..b5cb48a36 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -1780,7 +1780,7 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 		if(datasize == 2+1+PLAYERNAME_SIZE)
 		{
 			// old version - assume blank password
-			*password = 0;
+			password[0] = 0;
 		}
 		else
 		{
diff --git a/src/sha1.cpp b/src/sha1.cpp
index 93df10969..98180adc7 100644
--- a/src/sha1.cpp
+++ b/src/sha1.cpp
@@ -4,8 +4,24 @@ Copyright (c) 2005 Michael D. Leonhard
 
 http://tamale.net/
 
-This file is licensed under the terms described in the
-accompanying LICENSE file.
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
 */
 
 #include <stdio.h>
diff --git a/src/sha1.h b/src/sha1.h
index 2f92fe8d1..c04947373 100644
--- a/src/sha1.h
+++ b/src/sha1.h
@@ -4,8 +4,24 @@ Copyright (c) 2005 Michael D. Leonhard
 
 http://tamale.net/
 
-This file is licensed under the terms described in the
-accompanying LICENSE file.
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
 */
 
 #ifndef SHA1_HEADER
-- 
cgit v1.2.3