diff options
author | Perttu Ahola <celeron55@gmail.com> | 2012-03-30 18:42:18 +0300 |
---|---|---|
committer | Perttu Ahola <celeron55@gmail.com> | 2012-03-30 18:42:18 +0300 |
commit | 7cad0a2dcd817b179f82066964c45937a603d138 (patch) | |
tree | f97c0ea3d9ccc5b67688fa1110b972c610a65430 /builtin | |
parent | ed1ff06867e84f197330b45168c6ebcba672e532 (diff) | |
download | minetest-7cad0a2dcd817b179f82066964c45937a603d138.tar.gz minetest-7cad0a2dcd817b179f82066964c45937a603d138.tar.bz2 minetest-7cad0a2dcd817b179f82066964c45937a603d138.zip |
Reimplement authentication handler in Lua; now we have 1) infinite privilege names, 2) minetest.register_authentication_handler()
Diffstat (limited to 'builtin')
-rw-r--r-- | builtin/builtin.lua | 261 |
1 files changed, 253 insertions, 8 deletions
diff --git a/builtin/builtin.lua b/builtin/builtin.lua index 55220a607..45119be48 100644 --- a/builtin/builtin.lua +++ b/builtin/builtin.lua @@ -12,7 +12,7 @@ print = minetest.debug -- --- +-- Define some random basic things -- function basic_dump2(o) @@ -89,6 +89,19 @@ function dump(o, dumped) end end +function string:split(sep) + local sep, fields = sep or ",", {} + local pattern = string.format("([^%s]+)", sep) + self:gsub(pattern, function(c) fields[#fields+1] = c end) + return fields +end + +function string:trim() + return (self:gsub("^%s*(.-)%s*$", "%1")) +end + +assert(string.trim("\n \t\tfoo\t ") == "foo") + -- -- Item definition helpers -- @@ -818,7 +831,7 @@ minetest.register_globalstep(function(dtime) end) function minetest.after(time, func, param) - table.insert(minetest.timers_to_add, {time=time, func=func, param=param}) + table.insert(minetest.timers_to_add, {time=time, func=func, param=param}) end function minetest.check_player_privs(name, privs) @@ -848,6 +861,21 @@ function minetest.get_connected_players() return list end +minetest.registered_privileges = {} +function minetest.register_privilege(name, description) + minetest.registered_privileges[name] = description +end + +minetest.register_privilege("interact", "Can interact with things and modify the world") +minetest.register_privilege("teleport", "Can use /teleport command") +minetest.register_privilege("settime", "Can use /time") +minetest.register_privilege("privs", "Can modify privileges") +minetest.register_privilege("server", "Can do server maintenance stuff") +minetest.register_privilege("shout", "Can speak in chat") +minetest.register_privilege("ban", "Can ban and unban players") +minetest.register_privilege("give", "Can use /give and /giveme") +minetest.register_privilege("password", "Can use /setpassword and /clearpassword") + -- -- Chat commands -- @@ -873,7 +901,7 @@ minetest.register_chatcommand("help", { if def.description and def.description ~= "" then msg = msg .. ": " .. def.description end return msg end - if not param or param == "" then + if param == "" then local msg = "" cmds = {} for cmd, def in pairs(minetest.chatcommands) do @@ -905,18 +933,89 @@ minetest.register_chatcommand("help", { -- Register C++ commands without functions minetest.register_chatcommand("me", {params = nil, description = "chat action (eg. /me orders a pizza)"}) minetest.register_chatcommand("status", {description = "print server status line"}) -minetest.register_chatcommand("privs", {params = "<name>", description = "print out privileges of player"}) minetest.register_chatcommand("shutdown", {params = "", description = "shutdown server", privs = {server=true}}) minetest.register_chatcommand("setting", {params = "<name> = <value>", description = "set line in configuration file", privs = {server=true}}) minetest.register_chatcommand("clearobjects", {params = "", description = "clear all objects in world", privs = {server=true}}) minetest.register_chatcommand("time", {params = "<0...24000>", description = "set time of day", privs = {settime=true}}) minetest.register_chatcommand("teleport", {params = "<X>,<Y>,<Z>", description = "teleport to given position", privs = {teleport=true}}) -minetest.register_chatcommand("grant", {params = "<name> <privilege>", description = "Give privilege to player", privs = {privs=true}}) -minetest.register_chatcommand("revoke", {params = "<name> <privilege>", description = "Remove privilege from player", privs = {privs=true}}) minetest.register_chatcommand("ban", {params = "<name>", description = "ban IP of player", privs = {ban=true}}) minetest.register_chatcommand("unban", {params = "<name/ip>", description = "remove IP ban", privs = {ban=true}}) -minetest.register_chatcommand("setpassword", {params = "<name> <password>", description = "set given password", privs = {password=true}}) -minetest.register_chatcommand("clearpassword", {params = "<name>", description = "set empty password", privs = {password=true}}) + +-- Register some other commands +minetest.register_chatcommand("privs", { + params = "<name>", + description = "print out privileges of player", + func = function(name, param) + if param == "" then + param = name + else + if not minetest.check_player_privs(name, {privs=true}) then + minetest.chat_send_player(name, "Privileges of "..param.." are hidden from you.") + end + end + privs = {} + for priv, _ in pairs(minetest.get_player_privs(param)) do + table.insert(privs, priv) + end + minetest.chat_send_player(name, "Privileges of "..param..": "..table.concat(privs, " ")) + end, +}) +minetest.register_chatcommand("grant", { + params = "<name> <privilege>", + description = "Give privilege to player", + privs = {privs=true}, + func = function(name, param) + local grantname, grantprivstr = string.match(param, "([^ ]+) (.+)") + if not grantname or not grantprivstr then + minetest.chat_send_player(name, "Invalid parameters (see /help grant)") + return + end + local grantprivs = minetest.string_to_privs(grantprivstr) + local privs = minetest.get_player_privs(grantname) + for priv, _ in pairs(grantprivs) do + privs[priv] = true + end + minetest.set_player_privs(grantname, privs) + end, +}) +minetest.register_chatcommand("revoke", { + params = "<name> <privilege>", + description = "Remove privilege from player", + privs = {privs=true}, + func = function(name, param) + local revokename, revokeprivstr = string.match(param, "([^ ]+) (.+)") + if not revokename or not revokeprivstr then + minetest.chat_send_player(name, "Invalid parameters (see /help revoke)") + return + end + local revokeprivs = minetest.string_to_privs(revokeprivstr) + local privs = minetest.get_player_privs(revokename) + for priv, _ in pairs(revokeprivs) do + table.remove(privs, priv) + end + minetest.set_player_privs(revokename, privs) + end, +}) +minetest.register_chatcommand("setpassword", { + params = "<name> <password>", + description = "set given password", + privs = {password=true}, + func = function(name, param) + if param == "" then + minetest.chat_send_player(name, "Password field required") + return + end + minetest.set_player_password(name, param) + end, +}) +minetest.register_chatcommand("clearpassword", { + params = "<name>", + description = "set empty password", + privs = {password=true}, + func = function(name, param) + minetest.set_player_password(name, '') + end, +}) -- -- Builtin chat handler @@ -924,6 +1023,9 @@ minetest.register_chatcommand("clearpassword", {params = "<name>", description = minetest.register_on_chat_message(function(name, message) local cmd, param = string.match(message, "/([^ ]+) *(.*)") + if not param then + param = "" + end local cmd_def = minetest.chatcommands[cmd] if cmd_def then if not cmd_def.func then @@ -943,6 +1045,149 @@ minetest.register_on_chat_message(function(name, message) end) -- +-- Authentication handler +-- + +function minetest.string_to_privs(str) + assert(type(str) == "string") + privs = {} + for _, priv in pairs(string.split(str, ',')) do + privs[priv:trim()] = true + end + return privs +end + +function minetest.privs_to_string(privs) + assert(type(privs) == "table") + list = {} + for priv, bool in pairs(privs) do + if bool then + table.insert(list, priv) + end + end + return table.concat(list, ',') +end + +assert(minetest.string_to_privs("a,b").b == true) +assert(minetest.privs_to_string({a=true,b=true}) == "a,b") + +minetest.auth_file_path = minetest.get_worldpath().."/auth.txt" +minetest.auth_table = {} + +local function read_auth_file() + local newtable = {} + local file, errmsg = io.open(minetest.auth_file_path, 'rb') + if not file then + error(minetest.auth_file_path.." could not be opened for reading: "..errmsg) + end + for line in file:lines() do + if line ~= "" then + local name, password, privilegestring = string.match(line, "([^:]*):([^:]*):([^:]*)") + if not name or not password or not privilegestring then + error("Invalid line in auth.txt: "..dump(line)) + end + local privileges = minetest.string_to_privs(privilegestring) + newtable[name] = {password=password, privileges=privileges} + end + end + io.close(file) + minetest.auth_table = newtable +end + +local function save_auth_file() + local newtable = {} + -- Check table for validness before attempting to save + for name, stuff in pairs(minetest.auth_table) do + assert(type(name) == "string") + assert(name ~= "") + assert(type(stuff) == "table") + assert(type(stuff.password) == "string") + assert(type(stuff.privileges) == "table") + end + local file, errmsg = io.open(minetest.auth_file_path, 'w+b') + if not file then + error(minetest.auth_file_path.." could not be opened for writing: "..errmsg) + end + for name, stuff in pairs(minetest.auth_table) do + local privstring = minetest.privs_to_string(stuff.privileges) + file:write(name..":"..stuff.password..":"..privstring..'\n') + end + io.close(file) +end + +read_auth_file() + +minetest.builtin_auth_handler = { + get_auth = function(name) + assert(type(name) == "string") + if not minetest.auth_table[name] then + minetest.builtin_auth_handler.create_auth(name, minetest.get_password_hash(name, minetest.setting_get("default_password"))) + end + if minetest.is_singleplayer() or name == minetest.setting_get("name") then + return { + password = "", + privileges = minetest.registered_privileges + } + else + return minetest.auth_table[name] + end + end, + create_auth = function(name, password) + assert(type(name) == "string") + assert(type(password) == "string") + minetest.log('info', "Built-in authentication handler adding player '"..name.."'") + minetest.auth_table[name] = { + password = password, + privileges = minetest.string_to_privs(minetest.setting_get("default_privs")), + } + save_auth_file() + end, + set_password = function(name, password) + assert(type(name) == "string") + assert(type(password) == "string") + if not minetest.auth_table[name] then + minetest.builtin_auth_handler.create_auth(name, password) + else + minetest.log('info', "Built-in authentication handler setting password of player '"..name.."'") + minetest.auth_table[name].password = password + save_auth_file() + end + end, + set_privileges = function(name, privileges) + assert(type(name) == "string") + assert(type(privileges) == "table") + if not minetest.auth_table[name] then + minetest.builtin_auth_handler.create_auth(name, minetest.get_password_hash(name, minetest.setting_get("default_password"))) + end + minetest.auth_table[name].privileges = privileges + save_auth_file() + end +} + +function minetest.register_authentication_handler(handler) + if minetest.registered_auth_handler then + error("Add-on authentication handler already registered by "..minetest.registered_auth_handler_modname) + end + minetest.registered_auth_handler = handler + minetest.registered_auth_handler_modname = minetest.get_current_modname() +end + +function minetest.get_auth_handler() + if minetest.registered_auth_handler then + return minetest.registered_auth_handler + end + return minetest.builtin_auth_handler +end + +function minetest.set_player_password(name, password) + minetest.get_auth_handler().set_password(name, password) +end + +function minetest.set_player_privs(name, privs) + minetest.get_auth_handler().set_privileges(name, privs) +end + +-- -- Set random seed -- |