2013-08-11 04:09:45 +02:00
|
|
|
/*
|
|
|
|
|
Minetest
|
|
|
|
|
Copyright (C) 2013 celeron55, Perttu Ahola <celeron55@gmail.com>
|
|
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
|
it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU Lesser General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Lesser General Public License along
|
|
|
|
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "lua_api/l_util.h"
|
|
|
|
|
#include "lua_api/l_internal.h"
|
|
|
|
|
#include "common/c_converter.h"
|
|
|
|
|
#include "common/c_content.h"
|
2014-04-15 19:41:07 +02:00
|
|
|
#include "cpp_api/s_async.h"
|
2014-09-14 23:42:08 +02:00
|
|
|
#include "serialization.h"
|
2014-09-12 00:22:05 +02:00
|
|
|
#include "json/json.h"
|
2014-09-09 21:17:01 +02:00
|
|
|
#include "cpp_api/s_security.h"
|
2014-04-27 23:55:49 +02:00
|
|
|
#include "porting.h"
|
2016-02-25 09:47:28 +01:00
|
|
|
#include "debug.h"
|
2013-08-11 04:09:45 +02:00
|
|
|
#include "log.h"
|
|
|
|
|
#include "tool.h"
|
2014-09-12 00:22:05 +02:00
|
|
|
#include "filesys.h"
|
2013-08-11 04:09:45 +02:00
|
|
|
#include "settings.h"
|
2015-04-12 04:49:13 +02:00
|
|
|
#include "util/auth.h"
|
2016-05-28 05:37:28 +02:00
|
|
|
#include "util/base64.h"
|
2014-09-10 03:52:07 +02:00
|
|
|
#include <algorithm>
|
2013-08-11 04:09:45 +02:00
|
|
|
|
|
|
|
|
// log([level,] text)
|
|
|
|
|
// Writes a line to the logger.
|
|
|
|
|
// The one-argument version logs to infostream.
|
2015-10-26 00:12:39 +01:00
|
|
|
// The two-argument version accepts a log level.
|
|
|
|
|
// Either the special case "deprecated" for deprecation notices, or any specified in
|
|
|
|
|
// Logger::stringToLevel(name).
|
2013-08-11 04:09:45 +02:00
|
|
|
int ModApiUtil::l_log(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
std::string text;
|
2015-10-13 09:57:44 +02:00
|
|
|
LogLevel level = LL_NONE;
|
2013-08-11 04:09:45 +02:00
|
|
|
if (lua_isnone(L, 2)) {
|
2015-10-13 09:57:44 +02:00
|
|
|
text = luaL_checkstring(L, 1);
|
|
|
|
|
} else {
|
|
|
|
|
std::string name = luaL_checkstring(L, 1);
|
2013-08-11 04:09:45 +02:00
|
|
|
text = luaL_checkstring(L, 2);
|
2015-10-13 09:57:44 +02:00
|
|
|
if (name == "deprecated") {
|
|
|
|
|
log_deprecated(L, text);
|
2014-04-29 17:47:34 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
2015-10-13 09:57:44 +02:00
|
|
|
level = Logger::stringToLevel(name);
|
|
|
|
|
if (level == LL_MAX) {
|
|
|
|
|
warningstream << "Tried to log at unknown level '" << name
|
|
|
|
|
<< "'. Defaulting to \"none\"." << std::endl;
|
|
|
|
|
level = LL_NONE;
|
|
|
|
|
}
|
2013-08-11 04:09:45 +02:00
|
|
|
}
|
2015-10-13 09:57:44 +02:00
|
|
|
g_logger.log(level, text);
|
2013-08-11 04:09:45 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-26 08:45:55 +01:00
|
|
|
// get_us_time()
|
|
|
|
|
int ModApiUtil::l_get_us_time(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
lua_pushnumber(L, porting::getTimeUs());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-06 02:08:51 +02:00
|
|
|
#define CHECK_SECURE_SETTING(L, name) \
|
2016-03-03 06:57:19 +01:00
|
|
|
if (ScriptApiSecurity::isSecure(L) && \
|
|
|
|
|
name.compare(0, 7, "secure.") == 0) { \
|
2016-03-06 20:41:26 +01:00
|
|
|
throw LuaError("Attempt to set secure setting."); \
|
2014-09-06 02:08:51 +02:00
|
|
|
}
|
|
|
|
|
|
2013-08-11 04:09:45 +02:00
|
|
|
// setting_set(name, value)
|
|
|
|
|
int ModApiUtil::l_setting_set(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
2014-09-06 02:08:51 +02:00
|
|
|
std::string name = luaL_checkstring(L, 1);
|
|
|
|
|
std::string value = luaL_checkstring(L, 2);
|
|
|
|
|
CHECK_SECURE_SETTING(L, name);
|
2013-08-11 04:09:45 +02:00
|
|
|
g_settings->set(name, value);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// setting_get(name)
|
|
|
|
|
int ModApiUtil::l_setting_get(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
const char *name = luaL_checkstring(L, 1);
|
|
|
|
|
try{
|
|
|
|
|
std::string value = g_settings->get(name);
|
|
|
|
|
lua_pushstring(L, value.c_str());
|
|
|
|
|
} catch(SettingNotFoundException &e){
|
|
|
|
|
lua_pushnil(L);
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// setting_setbool(name)
|
|
|
|
|
int ModApiUtil::l_setting_setbool(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
2014-09-06 02:08:51 +02:00
|
|
|
std::string name = luaL_checkstring(L, 1);
|
2013-08-11 04:09:45 +02:00
|
|
|
bool value = lua_toboolean(L, 2);
|
2014-09-06 02:08:51 +02:00
|
|
|
CHECK_SECURE_SETTING(L, name);
|
2013-08-11 04:09:45 +02:00
|
|
|
g_settings->setBool(name, value);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// setting_getbool(name)
|
|
|
|
|
int ModApiUtil::l_setting_getbool(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
const char *name = luaL_checkstring(L, 1);
|
|
|
|
|
try{
|
|
|
|
|
bool value = g_settings->getBool(name);
|
|
|
|
|
lua_pushboolean(L, value);
|
|
|
|
|
} catch(SettingNotFoundException &e){
|
|
|
|
|
lua_pushnil(L);
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// setting_save()
|
|
|
|
|
int ModApiUtil::l_setting_save(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
if(g_settings_path != "")
|
|
|
|
|
g_settings->updateConfigFile(g_settings_path.c_str());
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-02 02:01:49 +02:00
|
|
|
// parse_json(str[, nullvalue])
|
|
|
|
|
int ModApiUtil::l_parse_json(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
|
|
|
|
|
const char *jsonstr = luaL_checkstring(L, 1);
|
|
|
|
|
|
|
|
|
|
// Use passed nullvalue or default to nil
|
|
|
|
|
int nullindex = 2;
|
|
|
|
|
if (lua_isnone(L, nullindex)) {
|
|
|
|
|
lua_pushnil(L);
|
|
|
|
|
nullindex = lua_gettop(L);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Json::Value root;
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
Json::Reader reader;
|
|
|
|
|
std::istringstream stream(jsonstr);
|
|
|
|
|
|
|
|
|
|
if (!reader.parse(stream, root)) {
|
|
|
|
|
errorstream << "Failed to parse json data "
|
|
|
|
|
<< reader.getFormattedErrorMessages();
|
2016-01-28 23:53:58 +01:00
|
|
|
size_t jlen = strlen(jsonstr);
|
|
|
|
|
if (jlen > 100) {
|
|
|
|
|
errorstream << "Data (" << jlen
|
|
|
|
|
<< " bytes) printed to warningstream." << std::endl;
|
|
|
|
|
warningstream << "data: \"" << jsonstr << "\"" << std::endl;
|
|
|
|
|
} else {
|
|
|
|
|
errorstream << "data: \"" << jsonstr << "\"" << std::endl;
|
|
|
|
|
}
|
2013-09-02 02:01:49 +02:00
|
|
|
lua_pushnil(L);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!push_json_value(L, root, nullindex)) {
|
|
|
|
|
errorstream << "Failed to parse json data, "
|
|
|
|
|
<< "depth exceeds lua stack limit" << std::endl;
|
|
|
|
|
errorstream << "data: \"" << jsonstr << "\"" << std::endl;
|
|
|
|
|
lua_pushnil(L);
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-19 00:17:26 +01:00
|
|
|
// write_json(data[, styled]) -> string or nil and error message
|
2013-12-18 22:46:53 +01:00
|
|
|
int ModApiUtil::l_write_json(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
|
|
|
|
|
bool styled = false;
|
|
|
|
|
if (!lua_isnone(L, 2)) {
|
|
|
|
|
styled = lua_toboolean(L, 2);
|
|
|
|
|
lua_pop(L, 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Json::Value root;
|
2013-12-19 00:17:26 +01:00
|
|
|
try {
|
2014-01-11 19:47:59 +01:00
|
|
|
read_json_value(L, root, 1);
|
2013-12-19 00:17:26 +01:00
|
|
|
} catch (SerializationError &e) {
|
|
|
|
|
lua_pushnil(L);
|
|
|
|
|
lua_pushstring(L, e.what());
|
|
|
|
|
return 2;
|
|
|
|
|
}
|
2013-12-18 22:46:53 +01:00
|
|
|
|
|
|
|
|
std::string out;
|
|
|
|
|
if (styled) {
|
|
|
|
|
Json::StyledWriter writer;
|
|
|
|
|
out = writer.write(root);
|
|
|
|
|
} else {
|
|
|
|
|
Json::FastWriter writer;
|
|
|
|
|
out = writer.write(root);
|
|
|
|
|
}
|
|
|
|
|
lua_pushlstring(L, out.c_str(), out.size());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-11 04:09:45 +02:00
|
|
|
// get_dig_params(groups, tool_capabilities[, time_from_last_punch])
|
|
|
|
|
int ModApiUtil::l_get_dig_params(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
std::map<std::string, int> groups;
|
|
|
|
|
read_groups(L, 1, groups);
|
|
|
|
|
ToolCapabilities tp = read_tool_capabilities(L, 2);
|
|
|
|
|
if(lua_isnoneornil(L, 3))
|
|
|
|
|
push_dig_params(L, getDigParams(groups, &tp));
|
|
|
|
|
else
|
|
|
|
|
push_dig_params(L, getDigParams(groups, &tp,
|
|
|
|
|
luaL_checknumber(L, 3)));
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// get_hit_params(groups, tool_capabilities[, time_from_last_punch])
|
|
|
|
|
int ModApiUtil::l_get_hit_params(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
std::map<std::string, int> groups;
|
|
|
|
|
read_groups(L, 1, groups);
|
|
|
|
|
ToolCapabilities tp = read_tool_capabilities(L, 2);
|
|
|
|
|
if(lua_isnoneornil(L, 3))
|
|
|
|
|
push_hit_params(L, getHitParams(groups, &tp));
|
|
|
|
|
else
|
|
|
|
|
push_hit_params(L, getHitParams(groups, &tp,
|
|
|
|
|
luaL_checknumber(L, 3)));
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
Add minetest.check_password_entry callback
Gives a convenient way to check a player's password.
This entirely bypasses the SRP protocol, so should be used
with great care.
This function is not intended to be used
in-game, but solely by external protocols, where no
authentication of the minetest engine is provided, and
also only for protocols, in which the user already gives the
server the plaintext password.
Examples for good use are the classical http form, or irc,
an example for a bad use is a password change dialog inside
formspec.
Users should be aware that they lose the advantages of the SRP
protocol if they enter their passwords for servers outside the
normal entry box, like in in-game formspec menus,
or through irc /msg s,
This patch also fixes an auth.h mistake which has mixed up the
order of params inside the decode_srp_verifier_and_salt function.
Zeno-: Added errorstream message for invalid format when I committed
2016-05-30 15:27:48 +02:00
|
|
|
// check_password_entry(name, entry, password)
|
|
|
|
|
int ModApiUtil::l_check_password_entry(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
std::string name = luaL_checkstring(L, 1);
|
|
|
|
|
std::string entry = luaL_checkstring(L, 2);
|
|
|
|
|
std::string password = luaL_checkstring(L, 3);
|
|
|
|
|
|
|
|
|
|
if (base64_is_valid(entry)) {
|
|
|
|
|
std::string hash = translate_password(name, password);
|
|
|
|
|
lua_pushboolean(L, hash == entry);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::string salt;
|
|
|
|
|
std::string verifier;
|
|
|
|
|
|
|
|
|
|
if (!decode_srp_verifier_and_salt(entry, &verifier, &salt)) {
|
|
|
|
|
// invalid format
|
|
|
|
|
warningstream << "Invalid password format for " << name << std::endl;
|
|
|
|
|
lua_pushboolean(L, false);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
std::string gen_verifier = generate_srp_verifier(name, password, salt);
|
|
|
|
|
|
|
|
|
|
lua_pushboolean(L, gen_verifier == verifier);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-11 04:09:45 +02:00
|
|
|
// get_password_hash(name, raw_password)
|
|
|
|
|
int ModApiUtil::l_get_password_hash(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
std::string name = luaL_checkstring(L, 1);
|
|
|
|
|
std::string raw_password = luaL_checkstring(L, 2);
|
2016-03-09 03:12:22 +01:00
|
|
|
std::string hash = translate_password(name, raw_password);
|
2013-08-11 04:09:45 +02:00
|
|
|
lua_pushstring(L, hash.c_str());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-10 19:24:17 +02:00
|
|
|
// is_yes(arg)
|
2013-09-09 22:50:25 +02:00
|
|
|
int ModApiUtil::l_is_yes(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
2013-09-10 19:24:17 +02:00
|
|
|
|
|
|
|
|
lua_getglobal(L, "tostring"); // function to be called
|
|
|
|
|
lua_pushvalue(L, 1); // 1st argument
|
|
|
|
|
lua_call(L, 1, 1); // execute function
|
|
|
|
|
std::string str(lua_tostring(L, -1)); // get result
|
|
|
|
|
lua_pop(L, 1);
|
|
|
|
|
|
2013-09-09 22:50:25 +02:00
|
|
|
bool yes = is_yes(str);
|
|
|
|
|
lua_pushboolean(L, yes);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-04-27 23:55:49 +02:00
|
|
|
int ModApiUtil::l_get_builtin_path(lua_State *L)
|
|
|
|
|
{
|
2015-10-25 05:45:18 +01:00
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
|
2014-04-27 23:55:49 +02:00
|
|
|
std::string path = porting::path_share + DIR_DELIM + "builtin";
|
|
|
|
|
lua_pushstring(L, path.c_str());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-14 23:42:08 +02:00
|
|
|
// compress(data, method, level)
|
|
|
|
|
int ModApiUtil::l_compress(lua_State *L)
|
|
|
|
|
{
|
2015-10-25 05:45:18 +01:00
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
|
2014-09-14 23:42:08 +02:00
|
|
|
size_t size;
|
|
|
|
|
const char *data = luaL_checklstring(L, 1, &size);
|
|
|
|
|
|
|
|
|
|
int level = -1;
|
|
|
|
|
if (!lua_isnone(L, 3) && !lua_isnil(L, 3))
|
|
|
|
|
level = luaL_checknumber(L, 3);
|
|
|
|
|
|
|
|
|
|
std::ostringstream os;
|
|
|
|
|
compressZlib(std::string(data, size), os, level);
|
|
|
|
|
|
|
|
|
|
std::string out = os.str();
|
|
|
|
|
|
|
|
|
|
lua_pushlstring(L, out.data(), out.size());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// decompress(data, method)
|
|
|
|
|
int ModApiUtil::l_decompress(lua_State *L)
|
|
|
|
|
{
|
2015-10-25 05:45:18 +01:00
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
|
2014-09-14 23:42:08 +02:00
|
|
|
size_t size;
|
2014-09-10 03:52:07 +02:00
|
|
|
const char *data = luaL_checklstring(L, 1, &size);
|
2014-09-14 23:42:08 +02:00
|
|
|
|
|
|
|
|
std::istringstream is(std::string(data, size));
|
|
|
|
|
std::ostringstream os;
|
|
|
|
|
decompressZlib(is, os);
|
|
|
|
|
|
|
|
|
|
std::string out = os.str();
|
|
|
|
|
|
|
|
|
|
lua_pushlstring(L, out.data(), out.size());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2014-04-27 23:55:49 +02:00
|
|
|
|
2016-05-28 05:37:28 +02:00
|
|
|
// encode_base64(string)
|
|
|
|
|
int ModApiUtil::l_encode_base64(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
|
|
|
|
|
size_t size;
|
|
|
|
|
const char *data = luaL_checklstring(L, 1, &size);
|
|
|
|
|
|
|
|
|
|
std::string out = base64_encode((const unsigned char *)(data), size);
|
|
|
|
|
|
|
|
|
|
lua_pushlstring(L, out.data(), out.size());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// decode_base64(string)
|
|
|
|
|
int ModApiUtil::l_decode_base64(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
|
|
|
|
|
size_t size;
|
|
|
|
|
const char *data = luaL_checklstring(L, 1, &size);
|
|
|
|
|
|
|
|
|
|
std::string out = base64_decode(std::string(data, size));
|
|
|
|
|
|
|
|
|
|
lua_pushlstring(L, out.data(), out.size());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-09 21:17:01 +02:00
|
|
|
// mkdir(path)
|
|
|
|
|
int ModApiUtil::l_mkdir(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
const char *path = luaL_checkstring(L, 1);
|
|
|
|
|
CHECK_SECURE_PATH_OPTIONAL(L, path);
|
|
|
|
|
lua_pushboolean(L, fs::CreateAllDirs(path));
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-04 20:59:13 +02:00
|
|
|
// get_dir_list(path, is_dir)
|
|
|
|
|
int ModApiUtil::l_get_dir_list(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
|
|
|
|
const char *path = luaL_checkstring(L, 1);
|
|
|
|
|
short is_dir = lua_isboolean(L, 2) ? lua_toboolean(L, 2) : -1;
|
|
|
|
|
|
|
|
|
|
CHECK_SECURE_PATH_OPTIONAL(L, path);
|
|
|
|
|
|
|
|
|
|
std::vector<fs::DirListNode> list = fs::GetDirListing(path);
|
|
|
|
|
|
|
|
|
|
int index = 0;
|
|
|
|
|
lua_newtable(L);
|
|
|
|
|
|
|
|
|
|
for (size_t i = 0; i < list.size(); i++) {
|
|
|
|
|
if (is_dir == -1 || is_dir == list[i].dir) {
|
|
|
|
|
lua_pushstring(L, list[i].name.c_str());
|
|
|
|
|
lua_rawseti(L, -2, ++index);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2014-09-09 21:17:01 +02:00
|
|
|
|
2014-09-10 03:52:07 +02:00
|
|
|
int ModApiUtil::l_request_insecure_environment(lua_State *L)
|
|
|
|
|
{
|
|
|
|
|
NO_MAP_LOCK_REQUIRED;
|
2016-02-18 22:06:07 +01:00
|
|
|
|
|
|
|
|
// Just return _G if security is disabled
|
2014-09-10 03:52:07 +02:00
|
|
|
if (!ScriptApiSecurity::isSecure(L)) {
|
|
|
|
|
lua_getglobal(L, "_G");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2016-02-18 22:06:07 +01:00
|
|
|
|
|
|
|
|
// We have to make sure that this function is being called directly by
|
|
|
|
|
// a mod, otherwise a malicious mod could override this function and
|
|
|
|
|
// steal its return value.
|
|
|
|
|
lua_Debug info;
|
|
|
|
|
// Make sure there's only one item below this function on the stack...
|
|
|
|
|
if (lua_getstack(L, 2, &info)) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-25 09:47:28 +01:00
|
|
|
FATAL_ERROR_IF(!lua_getstack(L, 1, &info), "lua_getstack() failed");
|
|
|
|
|
FATAL_ERROR_IF(!lua_getinfo(L, "S", &info), "lua_getinfo() failed");
|
2016-02-18 22:06:07 +01:00
|
|
|
// ...and that that item is the main file scope.
|
|
|
|
|
if (strcmp(info.what, "main") != 0) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get mod name
|
2015-08-25 07:00:56 +02:00
|
|
|
lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_CURRENT_MOD_NAME);
|
2014-09-10 03:52:07 +02:00
|
|
|
if (!lua_isstring(L, -1)) {
|
2016-02-18 22:06:07 +01:00
|
|
|
return 0;
|
2014-09-10 03:52:07 +02:00
|
|
|
}
|
2016-02-18 22:06:07 +01:00
|
|
|
|
|
|
|
|
// Check secure.trusted_mods
|
2014-09-10 03:52:07 +02:00
|
|
|
const char *mod_name = lua_tostring(L, -1);
|
|
|
|
|
std::string trusted_mods = g_settings->get("secure.trusted_mods");
|
2016-08-04 00:41:54 +02:00
|
|
|
trusted_mods.erase(std::remove_if(trusted_mods.begin(),
|
|
|
|
|
trusted_mods.end(), static_cast<int(*)(int)>(&std::isspace)),
|
|
|
|
|
trusted_mods.end());
|
2014-09-10 03:52:07 +02:00
|
|
|
std::vector<std::string> mod_list = str_split(trusted_mods, ',');
|
2016-02-18 22:06:07 +01:00
|
|
|
if (std::find(mod_list.begin(), mod_list.end(), mod_name) ==
|
|
|
|
|
mod_list.end()) {
|
|
|
|
|
return 0;
|
2014-09-10 03:52:07 +02:00
|
|
|
}
|
2016-02-18 22:06:07 +01:00
|
|
|
|
|
|
|
|
// Push insecure environment
|
2015-08-25 07:00:56 +02:00
|
|
|
lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_GLOBALS_BACKUP);
|
2014-09-10 03:52:07 +02:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-08-11 04:09:45 +02:00
|
|
|
void ModApiUtil::Initialize(lua_State *L, int top)
|
|
|
|
|
{
|
|
|
|
|
API_FCT(log);
|
|
|
|
|
|
2015-10-26 08:45:55 +01:00
|
|
|
API_FCT(get_us_time);
|
|
|
|
|
|
2013-08-11 04:09:45 +02:00
|
|
|
API_FCT(setting_set);
|
|
|
|
|
API_FCT(setting_get);
|
|
|
|
|
API_FCT(setting_setbool);
|
|
|
|
|
API_FCT(setting_getbool);
|
|
|
|
|
API_FCT(setting_save);
|
|
|
|
|
|
2013-09-02 02:01:49 +02:00
|
|
|
API_FCT(parse_json);
|
2013-12-18 22:46:53 +01:00
|
|
|
API_FCT(write_json);
|
2013-09-02 02:01:49 +02:00
|
|
|
|
2013-08-11 04:09:45 +02:00
|
|
|
API_FCT(get_dig_params);
|
|
|
|
|
API_FCT(get_hit_params);
|
|
|
|
|
|
Add minetest.check_password_entry callback
Gives a convenient way to check a player's password.
This entirely bypasses the SRP protocol, so should be used
with great care.
This function is not intended to be used
in-game, but solely by external protocols, where no
authentication of the minetest engine is provided, and
also only for protocols, in which the user already gives the
server the plaintext password.
Examples for good use are the classical http form, or irc,
an example for a bad use is a password change dialog inside
formspec.
Users should be aware that they lose the advantages of the SRP
protocol if they enter their passwords for servers outside the
normal entry box, like in in-game formspec menus,
or through irc /msg s,
This patch also fixes an auth.h mistake which has mixed up the
order of params inside the decode_srp_verifier_and_salt function.
Zeno-: Added errorstream message for invalid format when I committed
2016-05-30 15:27:48 +02:00
|
|
|
API_FCT(check_password_entry);
|
2013-08-11 04:09:45 +02:00
|
|
|
API_FCT(get_password_hash);
|
2013-09-09 22:50:25 +02:00
|
|
|
|
|
|
|
|
API_FCT(is_yes);
|
2014-04-27 23:55:49 +02:00
|
|
|
|
|
|
|
|
API_FCT(get_builtin_path);
|
2014-09-14 23:42:08 +02:00
|
|
|
|
|
|
|
|
API_FCT(compress);
|
|
|
|
|
API_FCT(decompress);
|
2014-09-09 21:17:01 +02:00
|
|
|
|
|
|
|
|
API_FCT(mkdir);
|
2015-05-04 20:59:13 +02:00
|
|
|
API_FCT(get_dir_list);
|
2014-09-10 03:52:07 +02:00
|
|
|
|
|
|
|
|
API_FCT(request_insecure_environment);
|
2016-05-28 05:37:28 +02:00
|
|
|
|
|
|
|
|
API_FCT(encode_base64);
|
|
|
|
|
API_FCT(decode_base64);
|
2013-08-11 04:09:45 +02:00
|
|
|
}
|
|
|
|
|
|
2013-11-26 18:15:31 +01:00
|
|
|
void ModApiUtil::InitializeAsync(AsyncEngine& engine)
|
|
|
|
|
{
|
|
|
|
|
ASYNC_API_FCT(log);
|
|
|
|
|
|
2015-10-26 08:45:55 +01:00
|
|
|
ASYNC_API_FCT(get_us_time);
|
|
|
|
|
|
2013-11-26 18:15:31 +01:00
|
|
|
//ASYNC_API_FCT(setting_set);
|
|
|
|
|
ASYNC_API_FCT(setting_get);
|
|
|
|
|
//ASYNC_API_FCT(setting_setbool);
|
|
|
|
|
ASYNC_API_FCT(setting_getbool);
|
|
|
|
|
//ASYNC_API_FCT(setting_save);
|
|
|
|
|
|
|
|
|
|
ASYNC_API_FCT(parse_json);
|
2014-05-07 06:01:24 +02:00
|
|
|
ASYNC_API_FCT(write_json);
|
2013-11-26 18:15:31 +01:00
|
|
|
|
|
|
|
|
ASYNC_API_FCT(is_yes);
|
2014-04-27 23:55:49 +02:00
|
|
|
|
|
|
|
|
ASYNC_API_FCT(get_builtin_path);
|
2014-09-14 23:42:08 +02:00
|
|
|
|
|
|
|
|
ASYNC_API_FCT(compress);
|
|
|
|
|
ASYNC_API_FCT(decompress);
|
2014-09-09 21:17:01 +02:00
|
|
|
|
|
|
|
|
ASYNC_API_FCT(mkdir);
|
2015-05-04 20:59:13 +02:00
|
|
|
ASYNC_API_FCT(get_dir_list);
|
2016-05-28 05:37:28 +02:00
|
|
|
|
|
|
|
|
ASYNC_API_FCT(encode_base64);
|
|
|
|
|
ASYNC_API_FCT(decode_base64);
|
2013-11-26 18:15:31 +01:00
|
|
|
}
|
2014-04-27 23:55:49 +02:00
|
|
|
|
