multiserver/auth.go

package main

import (
	"crypto/rand"
	"database/sql"
	"encoding/base64"
	"errors"
	"log"
	"strings"

	_ "github.com/mattn/go-sqlite3"
)

const (
	_ = 1 << iota
	AuthMechSRP
	AuthMechFirstSRP
)

var passPhrase []byte

func encodeVerifierAndSalt(s, v []byte) string {
	return base64.StdEncoding.EncodeToString(s) + "#" + base64.StdEncoding.EncodeToString(v)
}

func decodeVerifierAndSalt(src string) ([]byte, []byte, error) {
	sString := strings.Split(src, "#")[0]
	vString := strings.Split(src, "#")[1]

	s, err := base64.StdEncoding.DecodeString(sString)
	if err != nil {
		return nil, nil, err
	}

	v, err := base64.StdEncoding.DecodeString(vString)
	if err != nil {
		return nil, nil, err
	}

	return s, v, nil
}

func authDB() (*DB, error) {
	sqlite3 := func() (*DB, error) {
		return OpenSQLite3("auth.sqlite", `CREATE TABLE IF NOT EXISTS auth (
	name VARCHAR(32) PRIMARY KEY NOT NULL,
	password VARCHAR(512) NOT NULL
);
CREATE TABLE IF NOT EXISTS privileges (
	name VARCHAR(32) PRIMARY KEY NOT NULL,
	privileges VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS ban (
	addr VARCHAR(39) PRIMARY KEY NOT NULL,
	name VARCHAR(32) NOT NULL
);`)
	}

	psql := func(host, name, user, password string, port int) (*DB, error) {
		return OpenPSQL(host, name, user, password, `CREATE TABLE IF NOT EXISTS auth (
	name VARCHAR(32) PRIMARY KEY NOT NULL,
	password VARCHAR(512) NOT NULL
);
CREATE TABLE IF NOT EXISTS privileges (
	name VARCHAR(32) PRIMARY KEY NOT NULL,
	privileges VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS ban (
	addr VARCHAR(39) PRIMARY KEY NOT NULL,
	name VARCHAR(32) NOT NULL
);`, port)
	}

	db, ok := ConfKey("psql_db").(string)
	if !ok {
		return sqlite3()
	}

	host, ok := ConfKey("psql_host").(string)
	if !ok {
		log.Print("PostgreSQL host not set or not a string")
		return sqlite3()
	}

	port, ok := ConfKey("psql_port").(int)
	if !ok {
		log.Print("PostgreSQL port not set or not an integer")
		return sqlite3()
	}

	user, ok := ConfKey("psql_user").(string)
	if !ok {
		log.Print("PostgreSQL user not set or not a string")
		return sqlite3()
	}

	password, ok := ConfKey("psql_password").(string)
	if !ok {
		log.Print("PostgreSQL password not set or not a string")
		return sqlite3()
	}

	return psql(host, db, user, password, port)
}

// CreateUser creates a new entry in the authentication database
func CreateUser(name string, verifier, salt []byte) error {
	db, err := authDB()
	if err != nil {
		return err
	}
	defer db.Close()

	pwd := encodeVerifierAndSalt(salt, verifier)

	_, err = db.Exec(`INSERT INTO auth (
	name,
	password
) VALUES (
	$1,
	$2
);`, name, pwd)
	return err
}

// Password returns the SRP tokens of a user
func Password(name string) ([]byte, []byte, error) {
	db, err := authDB()
	if err != nil {
		return nil, nil, err
	}
	defer db.Close()

	var pwd string
	err = db.QueryRow(`SELECT password FROM auth WHERE name = $1;`, name).Scan(&pwd)
	if err != nil && !errors.Is(err, sql.ErrNoRows) {
		return nil, nil, err
	}

	if pwd == "" {
		return nil, nil, nil
	}

	salt, verifier, err := decodeVerifierAndSalt(pwd)
	return verifier, salt, err
}

// SetPassword changes the SRP tokens of a user
func SetPassword(name string, verifier, salt []byte) error {
	db, err := authDB()
	if err != nil {
		return err
	}
	defer db.Close()

	pwd := encodeVerifierAndSalt(salt, verifier)

	_, err = db.Exec(`UPDATE auth SET password = $1 WHERE name = $2;`, pwd, name)
	return err
}

func init() {
	pwd, err := StorageKey("auth:passphrase")
	if err != nil {
		log.Fatal(err)
	}

	if pwd == "" {
		passPhrase = make([]byte, 16)
		_, err := rand.Read(passPhrase)
		if err != nil {
			log.Fatal(err)
		}

		// Save the passphrase for future use
		// This passphrase should not be changed wihtout deleting
		// the auth databases on the minetest servers
		err = SetStorageKey("auth:passphrase", string(passPhrase))
		if err != nil {
			log.Fatal(err)
		}
	} else {
		passPhrase = []byte(pwd)
	}
}
Move everything to main package 2021-01-24 05:00:26 -08:00			`package main`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00
			`import (`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`"crypto/rand"`
Use new DB API 2021-04-22 03:33:50 -07:00			`"database/sql"`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`"encoding/base64"`
Use new DB API 2021-04-22 03:33:50 -07:00			`"errors"`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`"log"`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`"strings"`
Embed Peer and Listener from github.com/anon55555/mt/rudp 2021-01-18 13:08:22 -08:00
			`_ "github.com/mattn/go-sqlite3"`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`)`

Remove unnecessary pkt properties 2021-01-11 12:45:46 -08:00			`const (`
Simplify DB code 2021-04-01 01:28:28 -07:00			`_ = 1 << iota`
			`AuthMechSRP`
			`AuthMechFirstSRP`
Remove unnecessary pkt properties 2021-01-11 12:45:46 -08:00			`)`

Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`var passPhrase []byte`
Lua -> Go: Server command 2021-01-14 11:18:58 -08:00
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`func encodeVerifierAndSalt(s, v []byte) string {`
			`return base64.StdEncoding.EncodeToString(s) + "#" + base64.StdEncoding.EncodeToString(v)`
			`}`

			`func decodeVerifierAndSalt(src string) ([]byte, []byte, error) {`
			`sString := strings.Split(src, "#")[0]`
			`vString := strings.Split(src, "#")[1]`

			`s, err := base64.StdEncoding.DecodeString(sString)`
			`if err != nil {`
			`return nil, nil, err`
			`}`

			`v, err := base64.StdEncoding.DecodeString(vString)`
			`if err != nil {`
			`return nil, nil, err`
			`}`

			`return s, v, nil`
			`}`

Update authentication API 2021-04-22 02:17:03 -07:00			`func authDB() (*DB, error) {`
			`sqlite3 := func() (*DB, error) {`
			return OpenSQLite3("auth.sqlite", `CREATE TABLE IF NOT EXISTS auth (
			`name VARCHAR(32) PRIMARY KEY NOT NULL,`
			`password VARCHAR(512) NOT NULL`
			`);`
			`CREATE TABLE IF NOT EXISTS privileges (`
			`name VARCHAR(32) PRIMARY KEY NOT NULL,`
			`privileges VARCHAR(1024)`
			`);`
			`CREATE TABLE IF NOT EXISTS ban (`
			`addr VARCHAR(39) PRIMARY KEY NOT NULL,`
			`name VARCHAR(32) NOT NULL`
			);`)
			`}`
even more fmt 2021-01-10 13:45:45 -08:00
Update authentication API 2021-04-22 02:17:03 -07:00			`psql := func(host, name, user, password string, port int) (*DB, error) {`
			return OpenPSQL(host, name, user, password, `CREATE TABLE IF NOT EXISTS auth (
			`name VARCHAR(32) PRIMARY KEY NOT NULL,`
			`password VARCHAR(512) NOT NULL`
			`);`
			`CREATE TABLE IF NOT EXISTS privileges (`
			`name VARCHAR(32) PRIMARY KEY NOT NULL,`
			`privileges VARCHAR(1024)`
			`);`
			`CREATE TABLE IF NOT EXISTS ban (`
			`addr VARCHAR(39) PRIMARY KEY NOT NULL,`
			`name VARCHAR(32) NOT NULL`
			);`, port)
			`}`

			`db, ok := ConfKey("psql_db").(string)`
			`if !ok {`
			`return sqlite3()`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`}`

Update authentication API 2021-04-22 02:17:03 -07:00			`host, ok := ConfKey("psql_host").(string)`
			`if !ok {`
			`log.Print("PostgreSQL host not set or not a string")`
			`return sqlite3()`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`}`

Update authentication API 2021-04-22 02:17:03 -07:00			`port, ok := ConfKey("psql_port").(int)`
			`if !ok {`
			`log.Print("PostgreSQL port not set or not an integer")`
			`return sqlite3()`
			`}`

			`user, ok := ConfKey("psql_user").(string)`
			`if !ok {`
			`log.Print("PostgreSQL user not set or not a string")`
			`return sqlite3()`
			`}`

			`password, ok := ConfKey("psql_password").(string)`
			`if !ok {`
			`log.Print("PostgreSQL password not set or not a string")`
			`return sqlite3()`
			`}`

			`return psql(host, db, user, password, port)`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`}`

Update authentication API 2021-04-22 02:17:03 -07:00			`// CreateUser creates a new entry in the authentication database`
			`func CreateUser(name string, verifier, salt []byte) error {`
			`db, err := authDB()`
			`if err != nil {`
			`return err`
			`}`
			`defer db.Close()`

			`pwd := encodeVerifierAndSalt(salt, verifier)`

			_, err = db.Exec(`INSERT INTO auth (
			`name,`
			`password`
			`) VALUES (`
Support PostgreSQL for auth 2021-04-22 04:40:56 -07:00			`$1,`
			`$2`
Update authentication API 2021-04-22 02:17:03 -07:00			);`, name, pwd)
Simplify DB code 2021-04-01 01:28:28 -07:00			`return err`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`}`

Update authentication API 2021-04-22 02:17:03 -07:00			`// Password returns the SRP tokens of a user`
			`func Password(name string) ([]byte, []byte, error) {`
			`db, err := authDB()`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`defer db.Close()`

			`var pwd string`
Support PostgreSQL for auth 2021-04-22 04:40:56 -07:00			err = db.QueryRow(`SELECT password FROM auth WHERE name = $1;`, name).Scan(&pwd)
Use new DB API 2021-04-22 03:33:50 -07:00			`if err != nil && !errors.Is(err, sql.ErrNoRows) {`
Update authentication API 2021-04-22 02:17:03 -07:00			`return nil, nil, err`
			`}`

Support PostgreSQL for auth 2021-04-22 04:40:56 -07:00			`if pwd == "" {`
			`return nil, nil, nil`
			`}`

Update authentication API 2021-04-22 02:17:03 -07:00			`salt, verifier, err := decodeVerifierAndSalt(pwd)`
			`return verifier, salt, err`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`}`

Update authentication API 2021-04-22 02:17:03 -07:00			`// SetPassword changes the SRP tokens of a user`
			`func SetPassword(name string, verifier, salt []byte) error {`
			`db, err := authDB()`
			`if err != nil {`
			`return err`
NodeDef+Ban fixes + io.Writers: Redirect 2021-04-01 13:06:26 -07:00			`}`
Update authentication API 2021-04-22 02:17:03 -07:00			`defer db.Close()`

			`pwd := encodeVerifierAndSalt(salt, verifier)`
NodeDef+Ban fixes + io.Writers: Redirect 2021-04-01 13:06:26 -07:00
Support PostgreSQL for auth 2021-04-22 04:40:56 -07:00			_, err = db.Exec(`UPDATE auth SET password = $1 WHERE name = $2;`, pwd, name)
Update authentication API 2021-04-22 02:17:03 -07:00			`return err`
Split peer methods across more files + Automatic config and auth file creation 2021-01-09 13:01:36 -08:00			`}`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00
			`func init() {`
Fix getter names 2021-03-09 13:23:41 -08:00			`pwd, err := StorageKey("auth:passphrase")`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`if err != nil {`
Use log.Fatal instead of os.Exit 2021-03-02 07:57:19 -08:00			`log.Fatal(err)`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`}`

			`if pwd == "" {`
			`passPhrase = make([]byte, 16)`
			`_, err := rand.Read(passPhrase)`
			`if err != nil {`
Use log.Fatal instead of os.Exit 2021-03-02 07:57:19 -08:00			`log.Fatal(err)`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`}`

			`// Save the passphrase for future use`
Update authentication API 2021-04-22 02:17:03 -07:00			`// This passphrase should not be changed wihtout deleting`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`// the auth databases on the minetest servers`
go clean up some code 2021-01-17 12:43:23 -08:00			`err = SetStorageKey("auth:passphrase", string(passPhrase))`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`if err != nil {`
Use log.Fatal instead of os.Exit 2021-03-02 07:57:19 -08:00			`log.Fatal(err)`
Improve proxy <-> server password derivation 2021-01-16 13:23:52 -08:00			`}`
			`} else {`
			`passPhrase = []byte(pwd)`
			`}`
			`}`