1 -- Minetest: builtin/auth.lua
4 -- Builtin authentication handler
7 local auth_file_path = core.get_worldpath().."/auth.txt"
10 local function read_auth_file()
12 local file, errmsg = io.open(auth_file_path, 'rb')
14 core.log("info", auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world")
17 for line in file:lines() do
19 local fields = line:split(":", true)
20 local name, password, privilege_string, last_login = unpack(fields)
21 last_login = tonumber(last_login)
22 if not (name and password and privilege_string) then
23 error("Invalid line in auth.txt: "..dump(line))
25 local privileges = core.string_to_privs(privilege_string)
26 newtable[name] = {password=password, privileges=privileges, last_login=last_login}
31 core.notify_authentication_modified()
34 local function save_auth_file()
36 -- Check table for validness before attempting to save
37 for name, stuff in pairs(auth_table) do
38 assert(type(name) == "string")
40 assert(type(stuff) == "table")
41 assert(type(stuff.password) == "string")
42 assert(type(stuff.privileges) == "table")
43 assert(stuff.last_login == nil or type(stuff.last_login) == "number")
46 for name, stuff in pairs(auth_table) do
47 local priv_string = core.privs_to_string(stuff.privileges)
48 local parts = {name, stuff.password, priv_string, stuff.last_login or ""}
49 content = content .. table.concat(parts, ":") .. "\n"
51 if not core.safe_file_write(auth_file_path, content) then
52 error(auth_file_path.." could not be written to")
58 core.builtin_auth_handler = {
59 get_auth = function(name)
60 assert(type(name) == "string")
61 -- Figure out what password to use for a new player (singleplayer
62 -- always has an empty password, otherwise use default, which is
64 local new_password_hash = ""
65 -- If not in authentication table, return nil
66 if not auth_table[name] then
69 -- Figure out what privileges the player should have.
70 -- Take a copy of the privilege table
72 for priv, _ in pairs(auth_table[name].privileges) do
73 privileges[priv] = true
75 -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
76 if core.is_singleplayer() then
77 for priv, def in pairs(core.registered_privileges) do
78 if def.give_to_singleplayer then
79 privileges[priv] = true
82 -- For the admin, give everything
83 elseif name == core.settings:get("name") then
84 for priv, def in pairs(core.registered_privileges) do
85 if def.give_to_admin then
86 privileges[priv] = true
92 password = auth_table[name].password,
93 privileges = privileges,
94 -- Is set to nil if unknown
95 last_login = auth_table[name].last_login,
98 create_auth = function(name, password)
99 assert(type(name) == "string")
100 assert(type(password) == "string")
101 core.log('info', "Built-in authentication handler adding player '"..name.."'")
104 privileges = core.string_to_privs(core.settings:get("default_privs")),
105 last_login = os.time(),
109 set_password = function(name, password)
110 assert(type(name) == "string")
111 assert(type(password) == "string")
112 if not auth_table[name] then
113 core.builtin_auth_handler.create_auth(name, password)
115 core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
116 auth_table[name].password = password
121 set_privileges = function(name, privileges)
122 assert(type(name) == "string")
123 assert(type(privileges) == "table")
124 if not auth_table[name] then
125 core.builtin_auth_handler.create_auth(name,
126 core.get_password_hash(name,
127 core.settings:get("default_password")))
130 -- Run grant callbacks
131 for priv, _ in pairs(privileges) do
132 if not auth_table[name].privileges[priv] then
133 core.run_priv_callbacks(name, priv, nil, "grant")
137 -- Run revoke callbacks
138 for priv, _ in pairs(auth_table[name].privileges) do
139 if not privileges[priv] then
140 core.run_priv_callbacks(name, priv, nil, "revoke")
144 auth_table[name].privileges = privileges
145 core.notify_authentication_modified(name)
152 record_login = function(name)
153 assert(type(name) == "string")
154 assert(auth_table[name]).last_login = os.time()
159 core.register_on_prejoinplayer(function(name, ip)
160 if core.registered_auth_handler ~= nil then
161 return -- Don't do anything if custom auth handler registered
163 if auth_table[name] ~= nil then
167 local name_lower = name:lower()
168 for k in pairs(auth_table) do
169 if k:lower() == name_lower then
170 return string.format("\nCannot create new player called '%s'. "..
171 "Another account called '%s' is already registered. "..
172 "Please check the spelling if it's your account "..
173 "or use a different nickname.", name, k)
179 -- Authentication API
182 function core.register_authentication_handler(handler)
183 if core.registered_auth_handler then
184 error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
186 core.registered_auth_handler = handler
187 core.registered_auth_handler_modname = core.get_current_modname()
188 handler.mod_origin = core.registered_auth_handler_modname
191 function core.get_auth_handler()
192 return core.registered_auth_handler or core.builtin_auth_handler
195 local function auth_pass(name)
197 local auth_handler = core.get_auth_handler()
198 if auth_handler[name] then
199 return auth_handler[name](...)
205 core.set_player_password = auth_pass("set_password")
206 core.set_player_privs = auth_pass("set_privileges")
207 core.auth_reload = auth_pass("reload")
209 local record_login = auth_pass("record_login")
210 core.register_on_joinplayer(function(player)
211 record_login(player:get_player_name())