1 -- Minetest: builtin/auth.lua
4 -- Builtin authentication handler
7 local auth_file_path = core.get_worldpath().."/auth.txt"
10 local function read_auth_file()
12 local file, errmsg = io.open(auth_file_path, 'rb')
14 core.log("info", auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world")
17 for line in file:lines() do
19 local fields = line:split(":", true)
20 local name, password, privilege_string, last_login = unpack(fields)
21 last_login = tonumber(last_login)
22 if not (name and password and privilege_string) then
23 error("Invalid line in auth.txt: "..dump(line))
25 local privileges = core.string_to_privs(privilege_string)
26 newtable[name] = {password=password, privileges=privileges, last_login=last_login}
31 core.notify_authentication_modified()
34 local function save_auth_file()
36 -- Check table for validness before attempting to save
37 for name, stuff in pairs(auth_table) do
38 assert(type(name) == "string")
40 assert(type(stuff) == "table")
41 assert(type(stuff.password) == "string")
42 assert(type(stuff.privileges) == "table")
43 assert(stuff.last_login == nil or type(stuff.last_login) == "number")
46 for name, stuff in pairs(auth_table) do
47 local priv_string = core.privs_to_string(stuff.privileges)
48 local parts = {name, stuff.password, priv_string, stuff.last_login or ""}
49 content[#content + 1] = table.concat(parts, ":")
51 if not core.safe_file_write(auth_file_path, table.concat(content, "\n")) then
52 error(auth_file_path.." could not be written to")
58 core.builtin_auth_handler = {
59 get_auth = function(name)
60 assert(type(name) == "string")
61 -- Figure out what password to use for a new player (singleplayer
62 -- always has an empty password, otherwise use default, which is
64 local new_password_hash = ""
65 -- If not in authentication table, return nil
66 if not auth_table[name] then
69 -- Figure out what privileges the player should have.
70 -- Take a copy of the privilege table
72 for priv, _ in pairs(auth_table[name].privileges) do
73 privileges[priv] = true
75 -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
76 if core.is_singleplayer() then
77 for priv, def in pairs(core.registered_privileges) do
78 if def.give_to_singleplayer then
79 privileges[priv] = true
82 -- For the admin, give everything
83 elseif name == core.settings:get("name") then
84 for priv, def in pairs(core.registered_privileges) do
85 if def.give_to_admin then
86 privileges[priv] = true
92 password = auth_table[name].password,
93 privileges = privileges,
94 -- Is set to nil if unknown
95 last_login = auth_table[name].last_login,
98 create_auth = function(name, password)
99 assert(type(name) == "string")
100 assert(type(password) == "string")
101 core.log('info', "Built-in authentication handler adding player '"..name.."'")
104 privileges = core.string_to_privs(core.settings:get("default_privs")),
105 last_login = os.time(),
109 delete_auth = function(name)
110 assert(type(name) == "string")
111 if not auth_table[name] then
114 core.log('info', "Built-in authentication handler deleting player '"..name.."'")
115 auth_table[name] = nil
119 set_password = function(name, password)
120 assert(type(name) == "string")
121 assert(type(password) == "string")
122 if not auth_table[name] then
123 core.builtin_auth_handler.create_auth(name, password)
125 core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
126 auth_table[name].password = password
131 set_privileges = function(name, privileges)
132 assert(type(name) == "string")
133 assert(type(privileges) == "table")
134 if not auth_table[name] then
135 core.builtin_auth_handler.create_auth(name,
136 core.get_password_hash(name,
137 core.settings:get("default_password")))
140 -- Run grant callbacks
141 for priv, _ in pairs(privileges) do
142 if not auth_table[name].privileges[priv] then
143 core.run_priv_callbacks(name, priv, nil, "grant")
147 -- Run revoke callbacks
148 for priv, _ in pairs(auth_table[name].privileges) do
149 if not privileges[priv] then
150 core.run_priv_callbacks(name, priv, nil, "revoke")
154 auth_table[name].privileges = privileges
155 core.notify_authentication_modified(name)
162 record_login = function(name)
163 assert(type(name) == "string")
164 assert(auth_table[name]).last_login = os.time()
169 for k in pairs(auth_table) do
176 core.register_on_prejoinplayer(function(name, ip)
177 if core.registered_auth_handler ~= nil then
178 return -- Don't do anything if custom auth handler registered
180 if auth_table[name] ~= nil then
184 local name_lower = name:lower()
185 for k in pairs(auth_table) do
186 if k:lower() == name_lower then
187 return string.format("\nCannot create new player called '%s'. "..
188 "Another account called '%s' is already registered. "..
189 "Please check the spelling if it's your account "..
190 "or use a different nickname.", name, k)
196 -- Authentication API
199 function core.register_authentication_handler(handler)
200 if core.registered_auth_handler then
201 error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
203 core.registered_auth_handler = handler
204 core.registered_auth_handler_modname = core.get_current_modname()
205 handler.mod_origin = core.registered_auth_handler_modname
208 function core.get_auth_handler()
209 return core.registered_auth_handler or core.builtin_auth_handler
212 local function auth_pass(name)
214 local auth_handler = core.get_auth_handler()
215 if auth_handler[name] then
216 return auth_handler[name](...)
222 core.set_player_password = auth_pass("set_password")
223 core.set_player_privs = auth_pass("set_privileges")
224 core.remove_player_auth = auth_pass("delete_auth")
225 core.auth_reload = auth_pass("reload")
227 local record_login = auth_pass("record_login")
228 core.register_on_joinplayer(function(player)
229 record_login(player:get_player_name())