forked from Mirrorlandia_minetest/minetest
Much better API for auth.{cpp, h}
* No function overloading * Adhere coding style and with method names following lowercase_underscore_style * Use std::string in external API, handling these is much more fun
This commit is contained in:
parent
bb2ee54d3b
commit
e0151d1054
@ -399,7 +399,7 @@ void Client::step(float dtime)
|
|||||||
memset(pName, 0, PLAYERNAME_SIZE * sizeof(char));
|
memset(pName, 0, PLAYERNAME_SIZE * sizeof(char));
|
||||||
memset(pPassword, 0, PASSWORD_SIZE * sizeof(char));
|
memset(pPassword, 0, PASSWORD_SIZE * sizeof(char));
|
||||||
|
|
||||||
std::string hashed_password = translatePassword(myplayer->getName(), m_password);
|
std::string hashed_password = translate_password(myplayer->getName(), m_password);
|
||||||
snprintf(pName, PLAYERNAME_SIZE, "%s", myplayer->getName());
|
snprintf(pName, PLAYERNAME_SIZE, "%s", myplayer->getName());
|
||||||
snprintf(pPassword, PASSWORD_SIZE, "%s", hashed_password.c_str());
|
snprintf(pPassword, PASSWORD_SIZE, "%s", hashed_password.c_str());
|
||||||
|
|
||||||
@ -1031,18 +1031,14 @@ void Client::startAuth(AuthMechanism chosen_auth_mechanism)
|
|||||||
switch (chosen_auth_mechanism) {
|
switch (chosen_auth_mechanism) {
|
||||||
case AUTH_MECHANISM_FIRST_SRP: {
|
case AUTH_MECHANISM_FIRST_SRP: {
|
||||||
// send srp verifier to server
|
// send srp verifier to server
|
||||||
|
std::string verifier;
|
||||||
|
std::string salt;
|
||||||
|
generate_srp_verifier_and_salt(getPlayerName(), m_password,
|
||||||
|
&verifier, &salt);
|
||||||
|
|
||||||
NetworkPacket resp_pkt(TOSERVER_FIRST_SRP, 0);
|
NetworkPacket resp_pkt(TOSERVER_FIRST_SRP, 0);
|
||||||
char *salt, *bytes_v;
|
resp_pkt << salt << verifier << (u8)((m_password == "") ? 1 : 0);
|
||||||
std::size_t len_salt, len_v;
|
|
||||||
salt = NULL;
|
|
||||||
getSRPVerifier(getPlayerName(), m_password,
|
|
||||||
&salt, &len_salt, &bytes_v, &len_v);
|
|
||||||
resp_pkt
|
|
||||||
<< std::string((char*)salt, len_salt)
|
|
||||||
<< std::string((char*)bytes_v, len_v)
|
|
||||||
<< (u8)((m_password == "") ? 1 : 0);
|
|
||||||
free(salt);
|
|
||||||
free(bytes_v);
|
|
||||||
Send(&resp_pkt);
|
Send(&resp_pkt);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -1051,7 +1047,7 @@ void Client::startAuth(AuthMechanism chosen_auth_mechanism)
|
|||||||
u8 based_on = 1;
|
u8 based_on = 1;
|
||||||
|
|
||||||
if (chosen_auth_mechanism == AUTH_MECHANISM_LEGACY_PASSWORD) {
|
if (chosen_auth_mechanism == AUTH_MECHANISM_LEGACY_PASSWORD) {
|
||||||
m_password = translatePassword(getPlayerName(), m_password);
|
m_password = translate_password(getPlayerName(), m_password);
|
||||||
based_on = 0;
|
based_on = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1197,8 +1193,8 @@ void Client::sendChangePassword(const std::string &oldpassword,
|
|||||||
m_new_password = newpassword;
|
m_new_password = newpassword;
|
||||||
startAuth(choseAuthMech(m_sudo_auth_methods));
|
startAuth(choseAuthMech(m_sudo_auth_methods));
|
||||||
} else {
|
} else {
|
||||||
std::string oldpwd = translatePassword(playername, oldpassword);
|
std::string oldpwd = translate_password(playername, oldpassword);
|
||||||
std::string newpwd = translatePassword(playername, newpassword);
|
std::string newpwd = translate_password(playername, newpassword);
|
||||||
|
|
||||||
NetworkPacket pkt(TOSERVER_PASSWORD_LEGACY, 2 * PASSWORD_SIZE);
|
NetworkPacket pkt(TOSERVER_PASSWORD_LEGACY, 2 * PASSWORD_SIZE);
|
||||||
|
|
||||||
|
@ -261,9 +261,9 @@ void Server::handleCommand_Init(NetworkPacket* pkt)
|
|||||||
auth_mechs |= AUTH_MECHANISM_FIRST_SRP;
|
auth_mechs |= AUTH_MECHANISM_FIRST_SRP;
|
||||||
} else {
|
} else {
|
||||||
// Take care of default passwords.
|
// Take care of default passwords.
|
||||||
client->enc_pwd = getSRPVerifier(playerName, default_password);
|
client->enc_pwd = get_encoded_srp_verifier(playerName, default_password);
|
||||||
auth_mechs |= AUTH_MECHANISM_SRP;
|
auth_mechs |= AUTH_MECHANISM_SRP;
|
||||||
// Create auth, but only on successful login
|
// Allocate player in db, but only on successful login.
|
||||||
client->create_player_on_auth_success = true;
|
client->create_player_on_auth_success = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -549,7 +549,7 @@ void Server::handleCommand_Init_Legacy(NetworkPacket* pkt)
|
|||||||
std::string raw_default_password =
|
std::string raw_default_password =
|
||||||
g_settings->get("default_password");
|
g_settings->get("default_password");
|
||||||
std::string initial_password =
|
std::string initial_password =
|
||||||
translatePassword(playername, raw_default_password);
|
translate_password(playername, raw_default_password);
|
||||||
|
|
||||||
// If default_password is empty, allow any initial password
|
// If default_password is empty, allow any initial password
|
||||||
if (raw_default_password.length() == 0)
|
if (raw_default_password.length() == 0)
|
||||||
@ -1831,7 +1831,7 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
|
|||||||
|
|
||||||
std::string initial_ver_key;
|
std::string initial_ver_key;
|
||||||
|
|
||||||
initial_ver_key = encodeSRPVerifier(verification_key, salt);
|
initial_ver_key = encode_srp_verifier(verification_key, salt);
|
||||||
m_script->createAuth(playername, initial_ver_key);
|
m_script->createAuth(playername, initial_ver_key);
|
||||||
|
|
||||||
acceptAuth(pkt->getPeerId(), false);
|
acceptAuth(pkt->getPeerId(), false);
|
||||||
@ -1843,7 +1843,7 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
m_clients.event(pkt->getPeerId(), CSE_SudoLeave);
|
m_clients.event(pkt->getPeerId(), CSE_SudoLeave);
|
||||||
std::string pw_db_field = encodeSRPVerifier(verification_key, salt);
|
std::string pw_db_field = encode_srp_verifier(verification_key, salt);
|
||||||
bool success = m_script->setPassword(playername, pw_db_field);
|
bool success = m_script->setPassword(playername, pw_db_field);
|
||||||
if (success) {
|
if (success) {
|
||||||
actionstream << playername << " changes password" << std::endl;
|
actionstream << playername << " changes password" << std::endl;
|
||||||
@ -1917,22 +1917,14 @@ void Server::handleCommand_SrpBytesA(NetworkPacket* pkt)
|
|||||||
|
|
||||||
client->chosen_mech = chosen;
|
client->chosen_mech = chosen;
|
||||||
|
|
||||||
std::string bytes_s;
|
std::string salt;
|
||||||
std::string bytes_v;
|
std::string verifier;
|
||||||
|
|
||||||
if (based_on == 0) {
|
if (based_on == 0) {
|
||||||
char *p_bytes_s = 0;
|
|
||||||
size_t len_s = 0;
|
generate_srp_verifier_and_salt(client->getName(), client->enc_pwd,
|
||||||
char *p_bytes_v = 0;
|
&verifier, &salt);
|
||||||
size_t len_v = 0;
|
} else if (!decode_srp_verifier_and_salt(client->enc_pwd, &verifier, &salt)) {
|
||||||
getSRPVerifier(client->getName(), client->enc_pwd,
|
|
||||||
&p_bytes_s, &len_s,
|
|
||||||
&p_bytes_v, &len_v);
|
|
||||||
bytes_s = std::string(p_bytes_s, len_s);
|
|
||||||
bytes_v = std::string(p_bytes_v, len_v);
|
|
||||||
free(p_bytes_s);
|
|
||||||
free(p_bytes_v);
|
|
||||||
} else if (!decodeSRPVerifier(client->enc_pwd, &bytes_s, &bytes_v)) {
|
|
||||||
// Non-base64 errors should have been catched in the init handler
|
// Non-base64 errors should have been catched in the init handler
|
||||||
actionstream << "Server: User " << client->getName()
|
actionstream << "Server: User " << client->getName()
|
||||||
<< " tried to log in, but srp verifier field"
|
<< " tried to log in, but srp verifier field"
|
||||||
@ -1946,8 +1938,8 @@ void Server::handleCommand_SrpBytesA(NetworkPacket* pkt)
|
|||||||
|
|
||||||
client->auth_data = srp_verifier_new(SRP_SHA256, SRP_NG_2048,
|
client->auth_data = srp_verifier_new(SRP_SHA256, SRP_NG_2048,
|
||||||
client->getName().c_str(),
|
client->getName().c_str(),
|
||||||
(const unsigned char *) bytes_s.c_str(), bytes_s.size(),
|
(const unsigned char *) salt.c_str(), salt.size(),
|
||||||
(const unsigned char *) bytes_v.c_str(), bytes_v.size(),
|
(const unsigned char *) verifier.c_str(), verifier.size(),
|
||||||
(const unsigned char *) bytes_A.c_str(), bytes_A.size(),
|
(const unsigned char *) bytes_A.c_str(), bytes_A.size(),
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
(unsigned char **) &bytes_B, &len_B, NULL, NULL);
|
(unsigned char **) &bytes_B, &len_B, NULL, NULL);
|
||||||
@ -1966,7 +1958,7 @@ void Server::handleCommand_SrpBytesA(NetworkPacket* pkt)
|
|||||||
}
|
}
|
||||||
|
|
||||||
NetworkPacket resp_pkt(TOCLIENT_SRP_BYTES_S_B, 0, pkt->getPeerId());
|
NetworkPacket resp_pkt(TOCLIENT_SRP_BYTES_S_B, 0, pkt->getPeerId());
|
||||||
resp_pkt << bytes_s << std::string(bytes_B, len_B);
|
resp_pkt << salt << std::string(bytes_B, len_B);
|
||||||
Send(&resp_pkt);
|
Send(&resp_pkt);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -251,7 +251,7 @@ int ModApiUtil::l_get_password_hash(lua_State *L)
|
|||||||
NO_MAP_LOCK_REQUIRED;
|
NO_MAP_LOCK_REQUIRED;
|
||||||
std::string name = luaL_checkstring(L, 1);
|
std::string name = luaL_checkstring(L, 1);
|
||||||
std::string raw_password = luaL_checkstring(L, 2);
|
std::string raw_password = luaL_checkstring(L, 2);
|
||||||
std::string hash = translatePassword(name, raw_password);
|
std::string hash = translate_password(name, raw_password);
|
||||||
lua_pushstring(L, hash.c_str());
|
lua_pushstring(L, hash.c_str());
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
Minetest
|
Minetest
|
||||||
Copyright (C) 2015 est31 <MTest31@outlook.com>
|
Copyright (C) 2015, 2016 est31 <MTest31@outlook.com>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU Lesser General Public License as published by
|
it under the terms of the GNU Lesser General Public License as published by
|
||||||
@ -31,7 +31,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||||||
// their password. (Exception : if the password field is
|
// their password. (Exception : if the password field is
|
||||||
// blank, we send a blank password - this is for backwards
|
// blank, we send a blank password - this is for backwards
|
||||||
// compatibility with password-less players).
|
// compatibility with password-less players).
|
||||||
std::string translatePassword(const std::string &name,
|
std::string translate_password(const std::string &name,
|
||||||
const std::string &password)
|
const std::string &password)
|
||||||
{
|
{
|
||||||
if (password.length() == 0)
|
if (password.length() == 0)
|
||||||
@ -46,7 +46,11 @@ std::string translatePassword(const std::string &name,
|
|||||||
return pwd;
|
return pwd;
|
||||||
}
|
}
|
||||||
|
|
||||||
void getSRPVerifier(const std::string &name,
|
// Call lower level SRP code to generate a verifier with the
|
||||||
|
// given pointers. Contains the preparations, call parameters
|
||||||
|
// and error checking common to all srp verifier generation code.
|
||||||
|
// See docs of srp_create_salted_verification_key for more info.
|
||||||
|
static inline void gen_srp_v(const std::string &name,
|
||||||
const std::string &password, char **salt, size_t *salt_len,
|
const std::string &password, char **salt, size_t *salt_len,
|
||||||
char **bytes_v, size_t *len_v)
|
char **bytes_v, size_t *len_v)
|
||||||
{
|
{
|
||||||
@ -58,72 +62,76 @@ void getSRPVerifier(const std::string &name,
|
|||||||
FATAL_ERROR_IF(res != SRP_OK, "Couldn't create salted SRP verifier");
|
FATAL_ERROR_IF(res != SRP_OK, "Couldn't create salted SRP verifier");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get a db-ready SRP verifier
|
/// Creates a verification key with given salt and password.
|
||||||
// If the salt param is NULL, one is automatically generated.
|
std::string generate_srp_verifier(const std::string &name,
|
||||||
// Please free() it afterwards. You shouldn't use it for other purposes,
|
|
||||||
// as you will need the contents of salt_len too.
|
|
||||||
inline static std::string getSRPVerifier(const std::string &name,
|
|
||||||
const std::string &password, char ** salt, size_t salt_len)
|
|
||||||
{
|
|
||||||
char * bytes_v = NULL;
|
|
||||||
size_t len_v;
|
|
||||||
getSRPVerifier(name, password, salt, &salt_len,
|
|
||||||
&bytes_v, &len_v);
|
|
||||||
assert(*salt); // usually, srp_create_salted_verification_key promises us to return SRP_ERR when *salt == NULL
|
|
||||||
std::string ret_val = encodeSRPVerifier(std::string(bytes_v, len_v),
|
|
||||||
std::string(*salt, salt_len));
|
|
||||||
free(bytes_v);
|
|
||||||
return ret_val;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get a db-ready SRP verifier
|
|
||||||
std::string getSRPVerifier(const std::string &name,
|
|
||||||
const std::string &password)
|
|
||||||
{
|
|
||||||
char * salt = NULL;
|
|
||||||
std::string ret_val = getSRPVerifier(name,
|
|
||||||
password, &salt, 0);
|
|
||||||
free(salt);
|
|
||||||
return ret_val;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get a db-ready SRP verifier
|
|
||||||
std::string getSRPVerifier(const std::string &name,
|
|
||||||
const std::string &password, const std::string &salt)
|
const std::string &password, const std::string &salt)
|
||||||
{
|
{
|
||||||
// The implementation won't change the salt if its set,
|
size_t salt_len = salt.size();
|
||||||
// therefore we can cast.
|
// The API promises us that the salt doesn't
|
||||||
char *salt_cstr = (char *)salt.c_str();
|
// get modified if &salt_ptr isn't NULL.
|
||||||
return getSRPVerifier(name, password,
|
char *salt_ptr = (char *)salt.c_str();
|
||||||
&salt_cstr, salt.size());
|
|
||||||
|
char *bytes_v = NULL;
|
||||||
|
size_t verifier_len = 0;
|
||||||
|
gen_srp_v(name, password, &salt_ptr, &salt_len, &bytes_v, &verifier_len);
|
||||||
|
std::string verifier = std::string(bytes_v, verifier_len);
|
||||||
|
free(bytes_v);
|
||||||
|
return verifier;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make a SRP verifier db-ready
|
/// Creates a verification key and salt with given password.
|
||||||
std::string encodeSRPVerifier(const std::string &verifier,
|
void generate_srp_verifier_and_salt(const std::string &name,
|
||||||
|
const std::string &password, std::string *verifier,
|
||||||
|
std::string *salt)
|
||||||
|
{
|
||||||
|
char *bytes_v = NULL;
|
||||||
|
size_t verifier_len;
|
||||||
|
char *salt_ptr = NULL;
|
||||||
|
size_t salt_len;
|
||||||
|
gen_srp_v(name, password, &salt_ptr, &salt_len, &bytes_v, &verifier_len);
|
||||||
|
*verifier = std::string(bytes_v, verifier_len);
|
||||||
|
*salt = std::string(salt_ptr, salt_len);
|
||||||
|
free(bytes_v);
|
||||||
|
free(salt_ptr);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Gets an SRP verifier, generating a salt,
|
||||||
|
/// and encodes it as DB-ready string.
|
||||||
|
std::string get_encoded_srp_verifier(const std::string &name,
|
||||||
|
const std::string &password)
|
||||||
|
{
|
||||||
|
std::string verifier;
|
||||||
|
std::string salt;
|
||||||
|
generate_srp_verifier_and_salt(name, password, &verifier, &salt);
|
||||||
|
return encode_srp_verifier(verifier, salt);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Converts the passed SRP verifier into a DB-ready format.
|
||||||
|
std::string encode_srp_verifier(const std::string &verifier,
|
||||||
const std::string &salt)
|
const std::string &salt)
|
||||||
{
|
{
|
||||||
std::ostringstream ret_str;
|
std::ostringstream ret_str;
|
||||||
ret_str << "#1#"
|
ret_str << "#1#"
|
||||||
<< base64_encode((unsigned char*) salt.c_str(), salt.size()) << "#"
|
<< base64_encode((unsigned char *)salt.c_str(), salt.size()) << "#"
|
||||||
<< base64_encode((unsigned char*) verifier.c_str(), verifier.size());
|
<< base64_encode((unsigned char *)verifier.c_str(), verifier.size());
|
||||||
return ret_str.str();
|
return ret_str.str();
|
||||||
}
|
}
|
||||||
|
|
||||||
bool decodeSRPVerifier(const std::string &enc_pwd,
|
/// Reads the DB-formatted SRP verifier and gets the verifier
|
||||||
std::string *salt, std::string *bytes_v)
|
/// and salt components.
|
||||||
|
bool decode_srp_verifier_and_salt(const std::string &encoded,
|
||||||
|
std::string *verifier, std::string *salt)
|
||||||
{
|
{
|
||||||
std::vector<std::string> pwd_components = str_split(enc_pwd, '#');
|
std::vector<std::string> components = str_split(encoded, '#');
|
||||||
|
|
||||||
if ((pwd_components.size() != 4)
|
if ((components.size() != 4)
|
||||||
|| (pwd_components[1] != "1") // 1 means srp
|
|| (components[1] != "1") // 1 means srp
|
||||||
|| !base64_is_valid(pwd_components[2])
|
|| !base64_is_valid(components[2])
|
||||||
|| !base64_is_valid(pwd_components[3]))
|
|| !base64_is_valid(components[3]))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
std::string salt_str = base64_decode(pwd_components[2]);
|
*salt = base64_decode(components[2]);
|
||||||
std::string bytes_v_str = base64_decode(pwd_components[3]);
|
*verifier = base64_decode(components[3]);
|
||||||
*salt = salt_str;
|
|
||||||
*bytes_v = bytes_v_str;
|
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
Minetest
|
Minetest
|
||||||
Copyright (C) 2015 est31 <MTest31@outlook.com>
|
Copyright (C) 2015, 2016 est31 <MTest31@outlook.com>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU Lesser General Public License as published by
|
it under the terms of the GNU Lesser General Public License as published by
|
||||||
@ -20,18 +20,31 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||||||
#ifndef AUTH_H
|
#ifndef AUTH_H
|
||||||
#define AUTH_H
|
#define AUTH_H
|
||||||
|
|
||||||
std::string translatePassword(const std::string &name,
|
/// Gets the base64 encoded legacy password db entry.
|
||||||
|
std::string translate_password(const std::string &name,
|
||||||
const std::string &password);
|
const std::string &password);
|
||||||
void getSRPVerifier(const std::string &name,
|
|
||||||
const std::string &password, char **salt, size_t *salt_len,
|
/// Creates a verification key with given salt and password.
|
||||||
char **bytes_v, size_t *len_v);
|
std::string generate_srp_verifier(const std::string &name,
|
||||||
std::string getSRPVerifier(const std::string &name,
|
|
||||||
const std::string &password);
|
|
||||||
std::string getSRPVerifier(const std::string &name,
|
|
||||||
const std::string &password, const std::string &salt);
|
const std::string &password, const std::string &salt);
|
||||||
std::string encodeSRPVerifier(const std::string &verifier,
|
|
||||||
|
/// Creates a verification key and salt with given password.
|
||||||
|
void generate_srp_verifier_and_salt(const std::string &name,
|
||||||
|
const std::string &password, std::string *verifier,
|
||||||
|
std::string *salt);
|
||||||
|
|
||||||
|
/// Gets an SRP verifier, generating a salt,
|
||||||
|
/// and encodes it as DB-ready string.
|
||||||
|
std::string get_encoded_srp_verifier(const std::string &name,
|
||||||
|
const std::string &password);
|
||||||
|
|
||||||
|
/// Converts the passed SRP verifier into a DB-ready format.
|
||||||
|
std::string encode_srp_verifier(const std::string &verifier,
|
||||||
const std::string &salt);
|
const std::string &salt);
|
||||||
bool decodeSRPVerifier(const std::string &enc_pwd,
|
|
||||||
|
/// Reads the DB-formatted SRP verifier and gets the verifier
|
||||||
|
/// and salt components.
|
||||||
|
bool decode_srp_verifier_and_salt(const std::string &encoded,
|
||||||
std::string *salt, std::string *bytes_v);
|
std::string *salt, std::string *bytes_v);
|
||||||
|
|
||||||
#endif
|
#endif
|
Loading…
Reference in New Issue
Block a user