minenux/minetest-engine-minetest
minenux/minetest-engine-minetest
1
0
Fork 0
Code Pull Requests Releases Activity
minetest-engine-minetest/src/script/lua_api/l_util.cpp
est31 27db929252 Add minetest.check_password_entry callback 
Gives a convenient way to check a player's password.

This entirely bypasses the SRP protocol, so should be used
with great care.

This function is not intended to be used
in-game, but solely by external protocols, where no
authentication of the minetest engine is provided, and
also only for protocols, in which the user already gives the
server the plaintext password.

Examples for good use are the classical http form, or irc,
an example for a bad use is a password change dialog inside
formspec.

Users should be aware that they lose the advantages of the SRP
protocol if they enter their passwords for servers outside the
normal entry box, like in in-game formspec menus,
or through irc /msg s,

This patch also fixes an auth.h mistake which has mixed up the
order of params inside the decode_srp_verifier_and_salt function.

Zeno-: Added errorstream message for invalid format when I committed
2016-05-30 23:28:08 +10:00

529 lines
12 KiB
C++
Raw Blame History

/*
Minetest
Copyright (C) 2013 celeron55, Perttu Ahola <celeron55@gmail.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "lua_api/l_util.h"
#include "lua_api/l_internal.h"
#include "common/c_converter.h"
#include "common/c_content.h"
#include "cpp_api/s_async.h"
#include "serialization.h"
#include "json/json.h"
#include "cpp_api/s_security.h"
#include "porting.h"
#include "debug.h"
#include "log.h"
#include "tool.h"
#include "filesys.h"
#include "settings.h"
#include "util/auth.h"
#include "util/base64.h"
#include <algorithm>
// log([level,] text)
// Writes a line to the logger.
// The one-argument version logs to infostream.
// The two-argument version accepts a log level.
// Either the special case "deprecated" for deprecation notices, or any specified in
// Logger::stringToLevel(name).
int ModApiUtil::l_log(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
std::string text;
LogLevel level = LL_NONE;
if (lua_isnone(L, 2)) {
text = luaL_checkstring(L, 1);
} else {
std::string name = luaL_checkstring(L, 1);
text = luaL_checkstring(L, 2);
if (name == "deprecated") {
log_deprecated(L, text);
return 0;
}
level = Logger::stringToLevel(name);
if (level == LL_MAX) {
warningstream << "Tried to log at unknown level '" << name
<< "'. Defaulting to \"none\"." << std::endl;
level = LL_NONE;
}
}
g_logger.log(level, text);
return 0;
}
// get_us_time()
int ModApiUtil::l_get_us_time(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
lua_pushnumber(L, porting::getTimeUs());
return 1;
}
#define CHECK_SECURE_SETTING(L, name) \
if (ScriptApiSecurity::isSecure(L) && \
name.compare(0, 7, "secure.") == 0) { \
throw LuaError("Attempt to set secure setting."); \
}
// setting_set(name, value)
int ModApiUtil::l_setting_set(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
std::string name = luaL_checkstring(L, 1);
std::string value = luaL_checkstring(L, 2);
CHECK_SECURE_SETTING(L, name);
g_settings->set(name, value);
return 0;
}
// setting_get(name)
int ModApiUtil::l_setting_get(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
const char *name = luaL_checkstring(L, 1);
try{
std::string value = g_settings->get(name);
lua_pushstring(L, value.c_str());
} catch(SettingNotFoundException &e){
lua_pushnil(L);
}
return 1;
}
// setting_setbool(name)
int ModApiUtil::l_setting_setbool(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
std::string name = luaL_checkstring(L, 1);
bool value = lua_toboolean(L, 2);
CHECK_SECURE_SETTING(L, name);
g_settings->setBool(name, value);
return 0;
}
// setting_getbool(name)
int ModApiUtil::l_setting_getbool(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
const char *name = luaL_checkstring(L, 1);
try{
bool value = g_settings->getBool(name);
lua_pushboolean(L, value);
} catch(SettingNotFoundException &e){
lua_pushnil(L);
}
return 1;
}
// setting_save()
int ModApiUtil::l_setting_save(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
if(g_settings_path != "")
g_settings->updateConfigFile(g_settings_path.c_str());
return 0;
}
// parse_json(str[, nullvalue])
int ModApiUtil::l_parse_json(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
const char *jsonstr = luaL_checkstring(L, 1);
// Use passed nullvalue or default to nil
int nullindex = 2;
if (lua_isnone(L, nullindex)) {
lua_pushnil(L);
nullindex = lua_gettop(L);
}
Json::Value root;
{
Json::Reader reader;
std::istringstream stream(jsonstr);
if (!reader.parse(stream, root)) {
errorstream << "Failed to parse json data "
<< reader.getFormattedErrorMessages();
size_t jlen = strlen(jsonstr);
if (jlen > 100) {
errorstream << "Data (" << jlen
<< " bytes) printed to warningstream." << std::endl;
warningstream << "data: \"" << jsonstr << "\"" << std::endl;
} else {
errorstream << "data: \"" << jsonstr << "\"" << std::endl;
}
lua_pushnil(L);
return 1;
}
}
if (!push_json_value(L, root, nullindex)) {
errorstream << "Failed to parse json data, "
<< "depth exceeds lua stack limit" << std::endl;
errorstream << "data: \"" << jsonstr << "\"" << std::endl;
lua_pushnil(L);
}
return 1;
}
// write_json(data[, styled]) -> string or nil and error message
int ModApiUtil::l_write_json(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
bool styled = false;
if (!lua_isnone(L, 2)) {
styled = lua_toboolean(L, 2);
lua_pop(L, 1);
}
Json::Value root;
try {
read_json_value(L, root, 1);
} catch (SerializationError &e) {
lua_pushnil(L);
lua_pushstring(L, e.what());
return 2;
}
std::string out;
if (styled) {
Json::StyledWriter writer;
out = writer.write(root);
} else {
Json::FastWriter writer;
out = writer.write(root);
}
lua_pushlstring(L, out.c_str(), out.size());
return 1;
}
// get_dig_params(groups, tool_capabilities[, time_from_last_punch])
int ModApiUtil::l_get_dig_params(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
std::map<std::string, int> groups;
read_groups(L, 1, groups);
ToolCapabilities tp = read_tool_capabilities(L, 2);
if(lua_isnoneornil(L, 3))
push_dig_params(L, getDigParams(groups, &tp));
else
push_dig_params(L, getDigParams(groups, &tp,
luaL_checknumber(L, 3)));
return 1;
}
// get_hit_params(groups, tool_capabilities[, time_from_last_punch])
int ModApiUtil::l_get_hit_params(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
std::map<std::string, int> groups;
read_groups(L, 1, groups);
ToolCapabilities tp = read_tool_capabilities(L, 2);
if(lua_isnoneornil(L, 3))
push_hit_params(L, getHitParams(groups, &tp));
else
push_hit_params(L, getHitParams(groups, &tp,
luaL_checknumber(L, 3)));
return 1;
}
// check_password_entry(name, entry, password)
int ModApiUtil::l_check_password_entry(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
std::string name = luaL_checkstring(L, 1);
std::string entry = luaL_checkstring(L, 2);
std::string password = luaL_checkstring(L, 3);
if (base64_is_valid(entry)) {
std::string hash = translate_password(name, password);
lua_pushboolean(L, hash == entry);
return 1;
}
std::string salt;
std::string verifier;
if (!decode_srp_verifier_and_salt(entry, &verifier, &salt)) {
// invalid format
warningstream << "Invalid password format for " << name << std::endl;
lua_pushboolean(L, false);
return 1;
}
std::string gen_verifier = generate_srp_verifier(name, password, salt);
lua_pushboolean(L, gen_verifier == verifier);
return 1;
}
// get_password_hash(name, raw_password)
int ModApiUtil::l_get_password_hash(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
std::string name = luaL_checkstring(L, 1);
std::string raw_password = luaL_checkstring(L, 2);
std::string hash = translate_password(name, raw_password);
lua_pushstring(L, hash.c_str());
return 1;
}
// is_yes(arg)
int ModApiUtil::l_is_yes(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
lua_getglobal(L, "tostring"); // function to be called
lua_pushvalue(L, 1); // 1st argument
lua_call(L, 1, 1); // execute function
std::string str(lua_tostring(L, -1)); // get result
lua_pop(L, 1);
bool yes = is_yes(str);
lua_pushboolean(L, yes);
return 1;
}
int ModApiUtil::l_get_builtin_path(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
std::string path = porting::path_share + DIR_DELIM + "builtin";
lua_pushstring(L, path.c_str());
return 1;
}
// compress(data, method, level)
int ModApiUtil::l_compress(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
size_t size;
const char *data = luaL_checklstring(L, 1, &size);
int level = -1;
if (!lua_isnone(L, 3) && !lua_isnil(L, 3))
level = luaL_checknumber(L, 3);
std::ostringstream os;
compressZlib(std::string(data, size), os, level);
std::string out = os.str();
lua_pushlstring(L, out.data(), out.size());
return 1;
}
// decompress(data, method)
int ModApiUtil::l_decompress(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
size_t size;
const char *data = luaL_checklstring(L, 1, &size);
std::istringstream is(std::string(data, size));
std::ostringstream os;
decompressZlib(is, os);
std::string out = os.str();
lua_pushlstring(L, out.data(), out.size());
return 1;
}
// encode_base64(string)
int ModApiUtil::l_encode_base64(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
size_t size;
const char *data = luaL_checklstring(L, 1, &size);
std::string out = base64_encode((const unsigned char *)(data), size);
lua_pushlstring(L, out.data(), out.size());
return 1;
}
// decode_base64(string)
int ModApiUtil::l_decode_base64(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
size_t size;
const char *data = luaL_checklstring(L, 1, &size);
std::string out = base64_decode(std::string(data, size));
lua_pushlstring(L, out.data(), out.size());
return 1;
}
// mkdir(path)
int ModApiUtil::l_mkdir(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
const char *path = luaL_checkstring(L, 1);
CHECK_SECURE_PATH_OPTIONAL(L, path);
lua_pushboolean(L, fs::CreateAllDirs(path));
return 1;
}
// get_dir_list(path, is_dir)
int ModApiUtil::l_get_dir_list(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
const char *path = luaL_checkstring(L, 1);
short is_dir = lua_isboolean(L, 2) ? lua_toboolean(L, 2) : -1;
CHECK_SECURE_PATH_OPTIONAL(L, path);
std::vector<fs::DirListNode> list = fs::GetDirListing(path);
int index = 0;
lua_newtable(L);
for (size_t i = 0; i < list.size(); i++) {
if (is_dir == -1 || is_dir == list[i].dir) {
lua_pushstring(L, list[i].name.c_str());
lua_rawseti(L, -2, ++index);
}
}
return 1;
}
int ModApiUtil::l_request_insecure_environment(lua_State *L)
{
NO_MAP_LOCK_REQUIRED;
// Just return _G if security is disabled
if (!ScriptApiSecurity::isSecure(L)) {
lua_getglobal(L, "_G");
return 1;
}
// We have to make sure that this function is being called directly by
// a mod, otherwise a malicious mod could override this function and
// steal its return value.
lua_Debug info;
// Make sure there's only one item below this function on the stack...
if (lua_getstack(L, 2, &info)) {
return 0;
}
FATAL_ERROR_IF(!lua_getstack(L, 1, &info), "lua_getstack() failed");
FATAL_ERROR_IF(!lua_getinfo(L, "S", &info), "lua_getinfo() failed");
// ...and that that item is the main file scope.
if (strcmp(info.what, "main") != 0) {
return 0;
}
// Get mod name
lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_CURRENT_MOD_NAME);
if (!lua_isstring(L, -1)) {
return 0;
}
// Check secure.trusted_mods
const char *mod_name = lua_tostring(L, -1);
std::string trusted_mods = g_settings->get("secure.trusted_mods");
trusted_mods.erase(std::remove(trusted_mods.begin(),
trusted_mods.end(), ' '), trusted_mods.end());
std::vector<std::string> mod_list = str_split(trusted_mods, ',');
if (std::find(mod_list.begin(), mod_list.end(), mod_name) ==
mod_list.end()) {
return 0;
}
// Push insecure environment
lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_GLOBALS_BACKUP);
return 1;
}
void ModApiUtil::Initialize(lua_State *L, int top)
{
API_FCT(log);
API_FCT(get_us_time);
API_FCT(setting_set);
API_FCT(setting_get);
API_FCT(setting_setbool);
API_FCT(setting_getbool);
API_FCT(setting_save);
API_FCT(parse_json);
API_FCT(write_json);
API_FCT(get_dig_params);
API_FCT(get_hit_params);
API_FCT(check_password_entry);
API_FCT(get_password_hash);
API_FCT(is_yes);
API_FCT(get_builtin_path);
API_FCT(compress);
API_FCT(decompress);
API_FCT(mkdir);
API_FCT(get_dir_list);
API_FCT(request_insecure_environment);
API_FCT(encode_base64);
API_FCT(decode_base64);
}
void ModApiUtil::InitializeAsync(AsyncEngine& engine)
{
ASYNC_API_FCT(log);
ASYNC_API_FCT(get_us_time);
//ASYNC_API_FCT(setting_set);
ASYNC_API_FCT(setting_get);
//ASYNC_API_FCT(setting_setbool);
ASYNC_API_FCT(setting_getbool);
//ASYNC_API_FCT(setting_save);
ASYNC_API_FCT(parse_json);
ASYNC_API_FCT(write_json);
ASYNC_API_FCT(is_yes);
ASYNC_API_FCT(get_builtin_path);
ASYNC_API_FCT(compress);
ASYNC_API_FCT(decompress);
ASYNC_API_FCT(mkdir);
ASYNC_API_FCT(get_dir_list);
ASYNC_API_FCT(encode_base64);
ASYNC_API_FCT(decode_base64);
}
View Git Blame Copy Permalink