2
0

auth.lua 5.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188
  1. -- Minetest: builtin/auth.lua
  2. --
  3. -- Authentication handler
  4. --
  5. function core.string_to_privs(str, delim)
  6. assert(type(str) == "string")
  7. delim = delim or ','
  8. privs = {}
  9. for _, priv in pairs(string.split(str, delim)) do
  10. privs[priv:trim()] = true
  11. end
  12. return privs
  13. end
  14. function core.privs_to_string(privs, delim)
  15. assert(type(privs) == "table")
  16. delim = delim or ','
  17. list = {}
  18. for priv, bool in pairs(privs) do
  19. if bool then
  20. table.insert(list, priv)
  21. end
  22. end
  23. return table.concat(list, delim)
  24. end
  25. assert(core.string_to_privs("a,b").b == true)
  26. assert(core.privs_to_string({a=true,b=true}) == "a,b")
  27. core.auth_file_path = core.get_worldpath().."/auth.txt"
  28. core.auth_table = {}
  29. local function read_auth_file()
  30. local newtable = {}
  31. local file, errmsg = io.open(core.auth_file_path, 'rb')
  32. if not file then
  33. core.log("info", core.auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world")
  34. return
  35. end
  36. for line in file:lines() do
  37. if line ~= "" then
  38. local name, password, privilegestring = string.match(line, "([^:]*):([^:]*):([^:]*)")
  39. if not name or not password or not privilegestring then
  40. error("Invalid line in auth.txt: "..dump(line))
  41. end
  42. local privileges = core.string_to_privs(privilegestring)
  43. newtable[name] = {password=password, privileges=privileges}
  44. end
  45. end
  46. io.close(file)
  47. core.auth_table = newtable
  48. core.notify_authentication_modified()
  49. end
  50. local function save_auth_file()
  51. local newtable = {}
  52. -- Check table for validness before attempting to save
  53. for name, stuff in pairs(core.auth_table) do
  54. assert(type(name) == "string")
  55. assert(name ~= "")
  56. assert(type(stuff) == "table")
  57. assert(type(stuff.password) == "string")
  58. assert(type(stuff.privileges) == "table")
  59. end
  60. local file, errmsg = io.open(core.auth_file_path, 'w+b')
  61. if not file then
  62. error(core.auth_file_path.." could not be opened for writing: "..errmsg)
  63. end
  64. for name, stuff in pairs(core.auth_table) do
  65. local privstring = core.privs_to_string(stuff.privileges)
  66. file:write(name..":"..stuff.password..":"..privstring..'\n')
  67. end
  68. io.close(file)
  69. end
  70. read_auth_file()
  71. core.builtin_auth_handler = {
  72. get_auth = function(name)
  73. assert(type(name) == "string")
  74. -- Figure out what password to use for a new player (singleplayer
  75. -- always has an empty password, otherwise use default, which is
  76. -- usually empty too)
  77. local new_password_hash = ""
  78. -- If not in authentication table, return nil
  79. if not core.auth_table[name] then
  80. return nil
  81. end
  82. -- Figure out what privileges the player should have.
  83. -- Take a copy of the privilege table
  84. local privileges = {}
  85. for priv, _ in pairs(core.auth_table[name].privileges) do
  86. privileges[priv] = true
  87. end
  88. -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
  89. if core.is_singleplayer() then
  90. for priv, def in pairs(core.registered_privileges) do
  91. if def.give_to_singleplayer then
  92. privileges[priv] = true
  93. end
  94. end
  95. -- For the admin, give everything
  96. elseif name == core.setting_get("name") then
  97. for priv, def in pairs(core.registered_privileges) do
  98. privileges[priv] = true
  99. end
  100. end
  101. -- All done
  102. return {
  103. password = core.auth_table[name].password,
  104. privileges = privileges,
  105. }
  106. end,
  107. create_auth = function(name, password)
  108. assert(type(name) == "string")
  109. assert(type(password) == "string")
  110. core.log('info', "Built-in authentication handler adding player '"..name.."'")
  111. core.auth_table[name] = {
  112. password = password,
  113. privileges = core.string_to_privs(core.setting_get("default_privs")),
  114. }
  115. save_auth_file()
  116. end,
  117. set_password = function(name, password)
  118. assert(type(name) == "string")
  119. assert(type(password) == "string")
  120. if not core.auth_table[name] then
  121. core.builtin_auth_handler.create_auth(name, password)
  122. else
  123. core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
  124. core.auth_table[name].password = password
  125. save_auth_file()
  126. end
  127. return true
  128. end,
  129. set_privileges = function(name, privileges)
  130. assert(type(name) == "string")
  131. assert(type(privileges) == "table")
  132. if not core.auth_table[name] then
  133. core.builtin_auth_handler.create_auth(name, core.get_password_hash(name, core.setting_get("default_password")))
  134. end
  135. core.auth_table[name].privileges = privileges
  136. core.notify_authentication_modified(name)
  137. save_auth_file()
  138. end,
  139. reload = function()
  140. read_auth_file()
  141. return true
  142. end,
  143. }
  144. function core.register_authentication_handler(handler)
  145. if core.registered_auth_handler then
  146. error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
  147. end
  148. core.registered_auth_handler = handler
  149. core.registered_auth_handler_modname = core.get_current_modname()
  150. end
  151. function core.get_auth_handler()
  152. if core.registered_auth_handler then
  153. return core.registered_auth_handler
  154. end
  155. return core.builtin_auth_handler
  156. end
  157. function core.set_player_password(name, password)
  158. if core.get_auth_handler().set_password then
  159. core.get_auth_handler().set_password(name, password)
  160. end
  161. end
  162. function core.set_player_privs(name, privs)
  163. if core.get_auth_handler().set_privileges then
  164. core.get_auth_handler().set_privileges(name, privs)
  165. end
  166. end
  167. function core.auth_reload()
  168. if core.get_auth_handler().reload then
  169. return core.get_auth_handler().reload()
  170. end
  171. return false
  172. end