1 -- Minetest: builtin/auth.lua
4 -- Authentication handler
7 core.auth_file_path = core.get_worldpath().."/auth.txt"
10 local function read_auth_file()
12 local file, errmsg = io.open(core.auth_file_path, 'rb')
14 core.log("info", core.auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world")
17 for line in file:lines() do
19 local fields = line:split(":", true)
20 local name, password, privilege_string, last_login = unpack(fields)
21 last_login = tonumber(last_login)
22 if not (name and password and privilege_string) then
23 error("Invalid line in auth.txt: "..dump(line))
25 local privileges = core.string_to_privs(privilege_string)
26 newtable[name] = {password=password, privileges=privileges, last_login=last_login}
30 core.auth_table = newtable
31 core.notify_authentication_modified()
34 local function save_auth_file()
36 -- Check table for validness before attempting to save
37 for name, stuff in pairs(core.auth_table) do
38 assert(type(name) == "string")
40 assert(type(stuff) == "table")
41 assert(type(stuff.password) == "string")
42 assert(type(stuff.privileges) == "table")
43 assert(stuff.last_login == nil or type(stuff.last_login) == "number")
46 for name, stuff in pairs(core.auth_table) do
47 local priv_string = core.privs_to_string(stuff.privileges)
48 local parts = {name, stuff.password, priv_string, stuff.last_login or ""}
49 content = content .. table.concat(parts, ":") .. "\n"
51 if not core.safe_file_write(core.auth_file_path, content) then
52 error(core.auth_file_path.." could not be written to")
58 core.builtin_auth_handler = {
59 get_auth = function(name)
60 assert(type(name) == "string")
61 -- Figure out what password to use for a new player (singleplayer
62 -- always has an empty password, otherwise use default, which is
64 local new_password_hash = ""
65 -- If not in authentication table, return nil
66 if not core.auth_table[name] then
69 -- Figure out what privileges the player should have.
70 -- Take a copy of the privilege table
72 for priv, _ in pairs(core.auth_table[name].privileges) do
73 privileges[priv] = true
75 -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
76 if core.is_singleplayer() then
77 for priv, def in pairs(core.registered_privileges) do
78 if def.give_to_singleplayer then
79 privileges[priv] = true
82 -- For the admin, give everything
83 elseif name == core.settings:get("name") then
84 for priv, def in pairs(core.registered_privileges) do
85 if def.give_to_admin then
86 privileges[priv] = true
92 password = core.auth_table[name].password,
93 privileges = privileges,
94 -- Is set to nil if unknown
95 last_login = core.auth_table[name].last_login,
98 create_auth = function(name, password)
99 assert(type(name) == "string")
100 assert(type(password) == "string")
101 core.log('info', "Built-in authentication handler adding player '"..name.."'")
102 core.auth_table[name] = {
104 privileges = core.string_to_privs(core.settings:get("default_privs")),
105 last_login = os.time(),
109 set_password = function(name, password)
110 assert(type(name) == "string")
111 assert(type(password) == "string")
112 if not core.auth_table[name] then
113 core.builtin_auth_handler.create_auth(name, password)
115 core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
116 core.auth_table[name].password = password
121 set_privileges = function(name, privileges)
122 assert(type(name) == "string")
123 assert(type(privileges) == "table")
124 if not core.auth_table[name] then
125 core.builtin_auth_handler.create_auth(name,
126 core.get_password_hash(name,
127 core.settings:get("default_password")))
130 -- Run grant callbacks
131 for priv, _ in pairs(privileges) do
132 if not core.auth_table[name].privileges[priv] then
133 core.run_priv_callbacks(name, priv, nil, "grant")
137 -- Run revoke callbacks
138 for priv, _ in pairs(core.auth_table[name].privileges) do
139 if not privileges[priv] then
140 core.run_priv_callbacks(name, priv, nil, "revoke")
144 core.auth_table[name].privileges = privileges
145 core.notify_authentication_modified(name)
152 record_login = function(name)
153 assert(type(name) == "string")
154 assert(core.auth_table[name]).last_login = os.time()
159 function core.register_authentication_handler(handler)
160 if core.registered_auth_handler then
161 error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
163 core.registered_auth_handler = handler
164 core.registered_auth_handler_modname = core.get_current_modname()
165 handler.mod_origin = core.registered_auth_handler_modname
168 function core.get_auth_handler()
169 return core.registered_auth_handler or core.builtin_auth_handler
172 local function auth_pass(name)
174 local auth_handler = core.get_auth_handler()
175 if auth_handler[name] then
176 return auth_handler[name](...)
182 core.set_player_password = auth_pass("set_password")
183 core.set_player_privs = auth_pass("set_privileges")
184 core.auth_reload = auth_pass("reload")
187 local record_login = auth_pass("record_login")
189 core.register_on_joinplayer(function(player)
190 record_login(player:get_player_name())
193 core.register_on_prejoinplayer(function(name, ip)
194 local auth = core.auth_table
195 if auth[name] ~= nil then
199 local name_lower = name:lower()
200 for k in pairs(auth) do
201 if k:lower() == name_lower then
202 return string.format("\nCannot create new player called '%s'. "..
203 "Another account called '%s' is already registered. "..
204 "Please check the spelling if it's your account "..
205 "or use a different nickname.", name, k)